Hello everyone. In this video I want to showcase more of that local CTF, or capture the flag, competition that I kind of put together myself for my local school. The challenge that I want to look at was called UPX, and the challenge prompt is "I checked the mailbox and found this." The hint is actually truncated here, but the hint should have been "This isn't UPS. It's UPX."

So this delivery was something you as the user would go ahead and download, and you would want to show it in the folder that you moved into, navigated into, so you could actually interact with the file. So I'll demonstrate this for you. It's under my UPS folder, and delivery is the file right here. This may or may not already be solved, admittedly, but once you run delivery, which would be... you'd note that it is an executable. You would know that: "Oh, this package must have been shipped to the wrong address." So I'm actually just going to copy the local one to make sure it's the right thing, because you'll see very, very soon that it overwrites.

Okay, so the ploy is that you will do a little bit more reconnaissance on this file, and you'll notice that it has some interesting things, in that there's like nothing really in the file that you can see. Like, you can't find that string that says "Oh no, this package has been delivered to something else." But hopefully, if you were to keep looking and looking and looking, you'd see a little bit more strings pointing you towards UPX, which is the universal packer for executables. I'm trying to find it now. I want to look: UPX. There's some note at the top, and then there's more info: "This file is packed with the UPX executable packer," and it gives you a link to their web page. So that's kind of convenient for the individual trying to solve this challenge. So I don't know if they store that in the metadata or not. No, okay, I don't know, but that's how you as the user, hopefully, would figure out that,
"Oh, this is UPX." And hopefully they had not seen that before, so we'd be able to go to that website that they kind of gave us, the Ultimate Packer for eXecutables. I think in my case a lot of the guys needed to download the 64-bit Linux version, and then they were able to just run it straight from the command line.

So UPX, Ultimate Packer for eXecutables: if you go through and read the man page or look at the hint, you can decompress these files. So upx -d on that delivery, that executable. What it does is it will go ahead and, okay, decompress it or unpack it, and it tells us it unpacked one file. So there were no problems, no issues, and it doesn't actually create a new file. It just goes ahead and, I think, overwrites the current one. So you would probably, at least very likely, still run the file itself, but it gives you that same "Oh, this package must be shipped to the wrong address."

You as an individual would have to run delivery with strings, so now you can look at all the strings inside the file, and I will pipe this through less so we can keep hunting. Of course at this point you would know, hopefully, okay, let's try and grep for the flag itself. Let's see if we can find You a CGA. So I'll look for that, and I say yep, there it is: You a CGA packing an executable can hide some data. It's just like that string. So I will go ahead and copy that. I should have just done it straight up in the strings out, but now we can go ahead and submit that and get our flag.

So the way that I built that was super easy. The create script would actually compile a source code of C with the 32 bit and make sure it's static, because typically UPX has to have a large enough file that it can pack it, and actually because the program does pretty much nothing,
it actually wasn't large enough by default. So you have to say static in GCC when you compile it, to note, okay, I want to include pretty much everything and make this program large. And then it packs it with UPX, and that --exact, I think, retains all the information exactly: when compressing, required to be able to get a byte-identical file after decompression with option -d. It looks like it's not entirely in progress or love the case maybe, but I ended up using it to see, because I wanted that byte-identical file.

So the source code is actually just a simple C program that literally just says, "Hey, this package must have been shipped to the wrong address." Earlier, when I was creating this, I actually couldn't store these strings as strings, because the compiler, like GCC, would notice: oh, the program actually isn't doing anything with these strings. It's not printing them out on the screen. So I don't think it would even keep track of the strings in the executable itself. I would compile, run strings on it, and I wouldn't be able to find these things. So I had to create kind of like a fake case where, hey, I still want to execute statements with this data. I want to be able to work with it, so it's included inside of the binary and inside the executable.
So what I actually did is I just tested a completely unnatural case, a completely implausible thing: if the HOME environment variable is equal to something unnecessary. Again, that just wouldn't happen. But that way it would keep these strings and that data with the file, because it knows, okay, there's a possibility, obviously not realistic, but there's a possibility that these commands and these statements could be executed, so we have to keep the strings in the binary, inside the executable. And then I would just go ahead and pack it with UPX, and then we'd have the challenge, and we could decompress it just like we did to get the flag.

So yeah, we got our points, and that's pretty much it. That's how I finished and wrote the UPX challenge. So thanks for watching, guys. Hope you enjoyed this one, and I'll see you in the next video.
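
The strings-based triage walked through in the video, as an added example that is not part of the original transcript or the challenge's own code: it shows why the program's message and flag are invisible while the file is packed but the packer's own markers are not. The sample bytes are constructed (not real ELF files), the flag value is a placeholder, and zlib is used as a stand-in for UPX's compression.

```python
import re
import zlib

ELF_MAGIC = b"\x7fELF"
# Markers a UPX-packed file carries in the clear: the "UPX!" magic and the
# banner text quoted in the video.
UPX_BANNER = b"This file is packed with the UPX executable packer"
UPX_MARKERS = (b"UPX!", UPX_BANNER)


def strings(data, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data, needle):
    """Report packer markers and any strings that contain needle."""
    return {
        "elf": data.startswith(ELF_MAGIC),
        "upx_markers": [m.decode("ascii") for m in UPX_MARKERS if m in data],
        "hits": [s for s in strings(data) if needle in s],
    }


def build_samples():
    """Constructed stand-ins for the packed and unpacked 'delivery' file."""
    message = b"Oh no! This package must have been shipped to the wrong address"
    flag = b"FLAG{constructed_example_value}"  # placeholder, not the real flag
    header = ELF_MAGIC + b"\x00" * 12
    original = header + message + b"\x00" + flag + b"\x00" * 256
    # Assumption: zlib stands in for UPX's compressor; the effect on
    # strings output (plaintext no longer byte-aligned) is the same.
    body = zlib.compress(original, 9)
    packed = header + b"UPX!" + b"\x00" + UPX_BANNER + b"\x00" + body
    return packed, original


if __name__ == "__main__":
    packed, original = build_samples()
    print("packed:  ", triage(packed, "FLAG{"))
    print("unpacked:", triage(original, "FLAG{"))
```

On a real sample, triage a copy of the file: as the video notes, upx -d rewrites the file in place.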