Are you trying to master the ELF format and you need some stuff to try your new skills?.. well, this is a simple challenge for you to try.
A colleague that works as Network Engineer for an important company has captured a piece of malware that somebody was trying to use against the company. Your friend tried to take a look at the code using
objdump but he couldn’t get anything so he come to you, an expert hacker, master of the Elfs to help him get the assembly code for that malware.
Note: The binary in this challenge does not contain any malware. You can run it if you want but that is not even necesary
Fix the binary file. So you can disassemble it using
objdump and figure out the thread for this zero-day malware.
To probe you fix the binary, post the output of
readelf -hin the comments. Use the
spoiltag so your solution is not seen by other people trying to solve the challenge. Be free to provide a brief write-up explaining how did you solve the challenge
To get the binary you will have to copy and paste the text below in a file name
rec01.gz.base64 (actually you can name it as you wish… it is just a name)
Then you have to figure out how to get the binary out of that file.
Hint0: No idea on how to get the binary file
Well, this is hint 0 because we have already gave it to you. Check again the file name we have proposed and make a guess
Hint1: How to get the binary
cat rec01.gz.base64 | base64 -d | gunzip > rec01
Hint2: Not sure what to do next?
Try readlelf on the binary and check the output. There are some complains in there.
Hint3: Use this as last resource in case you are really stuck.
The original program has 9 sections… Now it should be easy!
Your Secondary Goal
Write a program to apply this basic anti-forensic technique to any ELF file
Then you can sell this tool to your colleague company so they can analyse future malwares using this technique.
The Challenging Binary