Strace and the utumno0 CTF

I'm trying to figure out the "utumno0" Capture The Flag (it can be found
here[1]).

No success so far, but trying to solve this exercise I decided to read
the strace(1) manpage thoroughly, to understand if it could be a valuable
tool.

I find strace(1) to be really a valuable tool for reverse engineering and
computer forensics!  I collected a few flags that I find interesting in my
"Today I Learned"[2] list, and I'll report them here too.

[1] https://overthewire.org/wargames/
[2] gopher://dacav.org/0/textfiles/til.txt

                                     ...

Useful strace(1) options

The -e flag can be used for a variety of things:

- To filter the systemcall.  It supports classe of syscalls, e.g.
  `strace -e %file x` is equivalent to
  `strace -e trace=open,stat,chmod,unlink,... x`.
  Hidden jems in the available classes.

- To dump the data of the read/write operations.

- To decode information about the file descriptors (e.g path of the files)
  (see also -y / -yy / -Y)

- To inject syscall behaviours.

The -c flag shows a table of statistics on invoked syscalls.

The -z/-Z flags filter successful and faulty syscalls respectively.

The -r/-T flags measure times between and within syscalls respectively.
Possibly useful for a rough performance assessment.

You are viewing proxied material from dacav.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.