0、下载附件,使用EXEinfo PE查看文件类型
![](https://www.icode9.com/i/ll/?i=20210510234955829.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L0NoYW9ZdWVfbWlrdQ==,size_16,color_FFFFFF,t_70)
发现是64位ELF文件,而且加了UPX壳
1、使用UPX Shell 对文件进行脱壳
![](https://www.icode9.com/i/ll/?i=20210510235110409.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L0NoYW9ZdWVfbWlrdQ==,size_16,color_FFFFFF,t_70)
2、使用IDA 64打开脱壳后的文件,查看main函数
![](https://www.icode9.com/i/ll/?i=20210510235205793.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L0NoYW9ZdWVfbWlrdQ==,size_16,color_FFFFFF,t_70)
![](https://www.icode9.com/i/ll/?i=20210510235302428.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L0NoYW9ZdWVfbWlrdQ==,size_16,color_FFFFFF,t_70)
直接能从注释部分看到flag
3、得到flag:flag{Upx_1s_n0t_a_d3liv3r_c0mp4ny}
标签:文件,脱壳,reverse,查看,simple,flag,64,UPX,unpack
来源: https://blog.csdn.net/ChaoYue_miku/article/details/116616232