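Download the attachment, open it in IDA, and look at the main function.
The program writes a file and then deletes it.
So move it to Linux and debug it with gdb: set a breakpoint on remove, then simply cat the file to see what it contains.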
$ gdb getit
...
Reading symbols from getit...
(No debugging symbols found in getit)
(gdb) b remove
Breakpoint 1 at 0x4005c0
(gdb) run
Starting program: /home/kali/ctf/getit
Breakpoint 1, __GI_remove (file=0x7fffffffe280 "/tmp/flag.txt") at ../sysdeps/posix/remove.c:33
33 ../sysdeps/posix/remove.c: No such file or directory.
(gdb)
Great, a bunch of * characters.
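The same "stop at remove and read the file" step can be done without a debugger by interposing remove() through LD_PRELOAD. This is an added example, not code from the original writeup or the challenge; the names preremove.so, capture_file and last_captured are hypothetical, and it assumes the target is dynamically linked and calls libc's remove().

```c
/* Added example, not part of the original writeup.
 * Build: gcc -shared -fPIC -o preremove.so preremove.c
 * Run:   LD_PRELOAD=./preremove.so ./getit
 * Assumes a dynamically linked target that calls libc remove(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static char last_capture[4096];  /* contents seen at the last remove() */

/* Read up to cap-1 bytes of path into buf; returns bytes read (0 on error). */
size_t capture_file(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    size_t n = 0;
    if (f) {
        n = fread(buf, 1, cap - 1, f);
        fclose(f);
    }
    buf[n] = '\0';
    return n;
}

/* Accessor so the captured contents can be inspected after the call. */
const char *last_captured(void) { return last_capture; }

/* Interposed remove(): dump the file to stderr, then delete it the way
 * glibc does on Linux (unlink, falling back to rmdir for directories). */
int remove(const char *path)
{
    size_t n = capture_file(path, last_capture, sizeof last_capture);
    fprintf(stderr, "[preremove] remove(\"%s\"): %zu bytes\n", path, n);
    fwrite(last_capture, 1, n, stderr);
    fputc('\n', stderr);
    if (unlink(path) == 0)
        return 0;
    if (errno == EISDIR && rmdir(path) == 0)
        return 0;
    int err = errno;
    fprintf(stderr, "[preremove] delete failed: %s\n", strerror(err));
    errno = err;
    return -1;
}
```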
Back in IDA: t should be our flag, so copy its address.
Look at that address in gdb.