EBCTF 2013 BIN200 writeup

This task is very tricky, but it can be solved quickly if you know how the perl2exe tool works.

We have 2 hints: "No comments.." and "Something hidden"..

perl2exe is a tool which creates a standalone program from a Perl script file. So our target is to find the Perl script.


Globally, this is the behaviour of the binary:

- It extracts a DLL file "p2x5123.dll" into a temporary folder
- Loads this DLL
- Calls the p2x5123_RunPerl routine
- Calls subroutines in this order:
    - p2x5123_Perl_sys_init
    - p2x5123_perl_alloc
    - p2x5123_perl_construct
    - p2x5123_perl_parse
    - p2x5123_perl_run
    - p2x5123_perl_destruct
    - p2x5123_perl_free
- Frees the DLL library
- Removes the temporary folder

To get the location of the temp folder where all files will be dumped, we just set a breakpoint on the mkdir function and read its argument.


All files needed by the script will be dumped at: C:\Users\aioria\AppData\Local\Temp\p2xtmp-2444

At this point we can activate debug mode to see exactly what happens during the execution. I loved this :D


Nice, here we get a list of the files being dumped to the temp folder, including our Perl script file _main.pl



Now we step into the execution until we reach the trick which will make our life good :D


At this level the binary enumerates all the files and decides which ones will be kept on disk. Here it keeps only xpm files, so we just patch this entry (JNZ -> JZ) and all files will be kept (except *.xpm) :D

And this is a screenshot of the debugging log



We go to the temp folder and we will find all the files we want
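
Since the binary removes the temporary folder as its last step, the recovered files have to be copied out while they still exist. The Python helper below is an added example, not part of the original writeup or of perl2exe; it assumes only the p2xtmp-* folder naming seen above, and the function names and the default destination folder are hypothetical.

```python
import fnmatch
import os
import shutil
import sys
import tempfile
import time


def snapshot_p2x_dirs(temp_root, dest_root, pattern="p2xtmp-*"):
    """Copy every file under temp_root/<pattern>/ into dest_root; return the paths copied."""
    copied = []
    for name in sorted(os.listdir(temp_root)):
        src_dir = os.path.join(temp_root, name)
        if not (fnmatch.fnmatch(name, pattern) and os.path.isdir(src_dir)):
            continue
        for cur, _dirs, files in os.walk(src_dir):
            for fname in files:
                src = os.path.join(cur, fname)
                rel = os.path.relpath(src, temp_root)
                dst = os.path.join(dest_root, rel)
                try:
                    st = os.stat(src)
                    if os.path.exists(dst):
                        old = os.stat(dst)
                        if (old.st_size, int(old.st_mtime)) == (st.st_size, int(st.st_mtime)):
                            continue  # unchanged since the previous pass
                    os.makedirs(os.path.dirname(dst), exist_ok=True)
                    shutil.copy2(src, dst)  # copy2 keeps the original timestamps
                    copied.append(rel)
                except OSError:
                    continue  # file vanished or is locked; the next pass retries
    return sorted(copied)


def watch(temp_root, dest_root, seconds=30.0, interval=0.05):
    """Poll temp_root for `seconds` and return every relative path that was saved."""
    seen = set()
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        seen.update(snapshot_p2x_dirs(temp_root, dest_root))
        time.sleep(interval)
    return sorted(seen)


if __name__ == "__main__":
    # Start this first, then run the (patched) binary in the debugger.
    dest = sys.argv[1] if len(sys.argv) > 1 else "p2x_snapshot"
    print("\n".join(watch(tempfile.gettempdir(), dest)))
```

Polling is a race against the cleanup, so it is most reliable while the process is paused in the debugger after the patch has been applied.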



We open the hidden _main.pl file and we take the flag


The flag is: ebCTF{edbdb03c7998fa751be21d1364a58600}

;)