For a long time I had been meaning to learn GDB scripting; today I got a chance to start with it.
The given binary takes the flag as an argument and checks it byte by byte, so I wrote a script that brute-forces it one character at a time. To run the script: `gdb -x script.py ./bin`
import gdb
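# Characters the flag is assumed to be drawn from.  If some position finds no
# match the script now stops and says so (see the loop below) instead of
# silently moving on, which is the cue to widen this set.
keyspace = list("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#%&()+,-.:;_{|}~ ")
# Number of flag bytes the checker compares.
FLAG_LEN = 43


def _gdb(command):
    """Run one GDB command and return its captured output as a string."""
    # from_tty=True, to_string=True: run as if typed at the prompt, but capture
    # the output so thousands of restarts do not flood the console.
    return gdb.execute(command, True, True)


def _byte_accepted(index, char):
    """Return True if the binary's per-byte check accepts ``char`` at ``index``.

    Restarts the program, jumps to the check code with the candidate byte in
    $eax and the position in $edx, and reads the verdict back from $eax once
    the second breakpoint is hit.  The two addresses are specific to this
    challenge binary (they look like 32-bit non-PIE text addresses; with a PIE
    build they would change every run and need re-deriving from the
    disassembly).
    """
    _gdb("r ")                               # restart; stops at the `main` breakpoint
    _gdb("set $eip=0x080485c2")              # presumably the start of the byte check — verify in the disassembly
    _gdb("si")
    _gdb("set $eax=" + hex(ord(char)))       # candidate byte
    _gdb("set $edx=" + str(index))           # byte position
    _gdb("c ")                               # run to the breakpoint after the compare
    verdict = _gdb("p/d $eax")               # output looks like "$1 = 1"
    return int(verdict.split("=")[1]) == 1


gdb.execute("set pagination off")
gdb.execute("b main", True, True)
gdb.execute("b *0x80485cc", True, True)

flag = ""
for position in range(FLAG_LEN):
    for candidate in keyspace:
        if _byte_accepted(position, candidate):
            flag += candidate
            print("[+] " + flag)
            break
    else:
        # Without this the script went on to the next position with a short
        # `flag`, so every later byte was recovered against a wrong prefix.
        print("[-] no character in keyspace matched at position %d; flag so far: %s" % (position, flag))
        break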