| Title | Author | Created | Published | Tags | | ------------------------------------------ | ---------------------------- | --------------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------- | | Module 13 - Binary Analysis & Exploitation | <ul><li>Jon Marien</li></ul> | August 01, 2025 | August 01, 2025 | [[#skillsontario\|#skillsontario]], [[#competitions\|#competitions]], [[#certifications\|#certifications]], [[#classes\|#classes]] | # Task - Lab 11 **CyberQ Module 11 13 Lab (Binary Analysis and Exploitation)** 1) Capture all flags 2) Complete the following exercises - Exercise 1: Binary Analysis - Exercise 2: Binary Analysis on a 64-bit Machine - Exercise 3: Binary Analysis Methodology - Exercise 4: Advanced Binary Analysis Output/Report: 3) Screenshot of finished lab score 4) Screen captures of the following steps from the CyberQ Lab Instructions document. - [Exercise 1: Binary Analysis (Steps: 18, 65)](#Exercise%201%20Binary%20Analysis%20(Steps%2018,%2065)) - [Exercise 2: Binary Analysis on a 64-bit Machine (Step: 12)](#Exercise%202%20Binary%20Analysis%20on%20a%2064-bit%20Machine%20(Step%2012)) - [Exercise 3: Binary Analysis Methodology (Steps: 32, 39)](#Exercise%203%20Binary%20Analysis%20Methodology%20(Steps%2032,%2039)) - [Exercise 4: Advanced Binary Analysis (Step: 16)](#Exercise%204%20Advanced%20Binary%20Analysis%20(Step%2016)) Use the Lab Guide for preparing the report. --- # Module 13: Binary Analysis & Exploitation --- # Exercise 1: Binary Analysis (Steps: 18, 65) In `pdf`, we can see here that there is a string being compared, this is most likely where the password is being checked: ![[image-829.png]] We can see it in `gdb`, too: ![[image-830.png]] ### Step 18 ![[image-831.png]] I could not get (for whatever reason) the filesystem to realize the file does exist, I could not even run it in the terminal as a program, like `./crackme0x00a`, very very odd. I even tried duplicating the file, or copying to another folder, but no luck. Shame, because I really enjoy Binary Analysis (& Exploitation). ![[image-832.png]] ### Pre-cursor to Step 65 I must have tried to make this `.asm` file 10 times, it worked none of the times: ![[image-833.png]] ![[image-834.png]] Did some research, found that the Ubuntu machine was trying to compile to be a 64-bit program when it was 32-bit, so this command fixes it: `ld -m elf_i386 -o code-one code-one.o`: ![[image-835.png]] ![[image-836.png]] ![[image-837.png]] ![[image-838.png]] ![[image-839.png]] #### Step 65 ![[image-841.png]] > [!Answer]- > ![[image-840.png]] --- # Exercise 2: Binary Analysis on a 64-bit Machine (Step: 12) ### Step 12 ![[image-842.png]] > [!Answer]- > ![[image-844.png]] --- # Exercise 3: Binary Analysis Methodology (Steps: 32, 39) ### Step 32 ![[image-845.png]] ![[image-846.png]] ### Step 39 ![[image-847.png]] ![[image-848.png]] ![[image-849.png]] ![[image-850.png]] > [!Answer]- > ![[image-851.png]] --- # Exercise 4: Advanced Binary Analysis (Step: 16) ### Step 16 ![[image-852.png]] ---