HackTheBox Golfer Challenge
https://app.hackthebox.com/challenges/378
Description
A friend gave you an odd executable file, in fact it is very tiny for a simple ELF, what secret can this file hide?
Exploitation
Steps Taken for Binary Modification
Using Hexadecimal Editing:
- Dump the binary to a hexadecimal file for editing:
    xxd -p golfer > golfer.hex
- Edit the hexadecimal file:
  - Open golfer.hex in a text editor.
  - Locate the sequence e9d6000000 and replace it with e900000000 to modify the binary’s behavior (e9 is the x86 jmp rel32 opcode, so zeroing the four displacement bytes makes the jump land on the instruction that follows it).
- Rebuild the patched binary from the edited hexadecimal file:
    xxd -r -p golfer.hex golfer.patched
- Set execute permissions on the new binary:
    chmod +x golfer.patched
- Run the patched binary to observe the changes:
    ./golfer.patched
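The hex edit above can also be scripted so that it refuses to patch when the byte sequence is missing or appears more than once, and so that the jump target before and after the change is visible. This is an added example, not part of the original write-up; the function names and the sample buffer are assumptions made for illustration, and the buffer is constructed rather than taken from the real binary.

```python
import struct

JMP_REL32 = 0xE9                        # x86 near jump, 4-byte little-endian displacement
ORIGINAL = bytes.fromhex("e9d6000000")  # sequence named in the write-up
PATCHED = bytes.fromhex("e900000000")   # same opcode, zero displacement


def find_unique(data: bytes, pattern: bytes) -> int:
    """Return the single offset of pattern; refuse missing or ambiguous matches."""
    first = data.find(pattern)
    if first < 0:
        raise ValueError("pattern not found")
    if data.find(pattern, first + 1) >= 0:
        raise ValueError("pattern occurs more than once; patch would be ambiguous")
    return first


def jmp_target(data: bytes, offset: int) -> int:
    """Offset the jmp rel32 at `offset` lands on: next instruction + displacement."""
    if data[offset] != JMP_REL32:
        raise ValueError("not a jmp rel32")
    (disp,) = struct.unpack_from("<i", data, offset + 1)
    return offset + 5 + disp


def patch_fallthrough(data: bytes) -> bytes:
    """Zero the displacement so execution continues at the following instruction."""
    off = find_unique(data, ORIGINAL)
    out = bytearray(data)
    out[off:off + len(PATCHED)] = PATCHED
    return bytes(out)


# Constructed sample (not the real binary): 0x10 filler bytes, the jump, NOP padding.
SAMPLE = b"\x00" * 0x10 + ORIGINAL + b"\x90" * 0x100

if __name__ == "__main__":
    off = find_unique(SAMPLE, ORIGINAL)
    patched = patch_fallthrough(SAMPLE)
    print(f"jump at {off:#x}: target {jmp_target(SAMPLE, off):#x}"
          f" -> {jmp_target(patched, off):#x}")
```

To apply it to a file, read the bytes, pass them to patch_fallthrough, and write the result to a new path, as the xxd steps do with golfer.patched.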
Using radare2:
- Open the binary with radare2 with relocation adjustments and write permissions:
    sudo r2 -e bin.relocs.apply=true -w ./golfer
- Navigate to the specific address and modify the instruction:
    s 0x0800004c   # Seek to the desired address
    pd 1           # Display the current instruction
    wao nop        # Replace the instruction with NOP
    pd 1           # Display the modified instruction
    q              # Quit radare2
- Execute the modified binary:
    ./golfer
Summary
Golfer: trace the binary, isolate the validation routine, and invert it to recover the flag.