Perform a core dump
reference: https://linux-audit.com/understand-and-configure-core-dumps-work-on-linux/
The plan is to execute the program, have it read the file into memory, and then purposefully crash it. The resulting core dump writes the contents of the application's memory to a file.
The core dump files are located at /var/crashes, and they can be unpacked using apport-unpack to view the data.
You can use 'less' to view the core dump, but it's a binary file and the data is hard to sift through. 'xxd' would be a good option, but since we're looking for a flag string, the 'strings' command is the best call.
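The defensive counterpart to the steps above, as an added example that is not part of the original page: a C program that keeps sensitive file contents out of a core dump using standard Linux calls (setrlimit, prctl with PR_SET_DUMPABLE, madvise with MADV_DONTDUMP). The function names and the sample secret are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* Process-wide: zero the core size limit and mark the process
   non-dumpable, so a crash does not produce a memory image. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &none) != 0)
        return -1;
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Per-buffer: page-aligned memory flagged MADV_DONTDUMP is left out of
   a core dump even if the rest of the process is dumped. */
void *alloc_secret(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (madvise(p, len, MADV_DONTDUMP) != 0) {
        munmap(p, len);
        return NULL;
    }
    return p;
}

/* Wipe before unmapping so the bytes do not linger in freed pages. */
void free_secret(void *p, size_t len) { explicit_bzero(p, len); munmap(p, len); }

int is_dumpable(void) { return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); }

int main(void)
{
    size_t len = 4096;
    char *secret = alloc_secret(len);
    if (secret == NULL || disable_core_dumps() != 0) { perror("harden"); return 1; }
    /* Constructed sample value standing in for the file contents. */
    strcpy(secret, "EXAMPLE{constructed-sample-secret}");
    printf("dumpable=%d\n", is_dumpable());   /* 0 after hardening */
    free_secret(secret, len);
    return 0;
}
```

A program hardened this way should call disable_core_dumps() before it reads the sensitive file, since anything loaded earlier is still exposed if the crash happens first.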