Such CTF Very Wow – 30C3 Doge1 Writeup

Oh man, I wish I had more time to spent on this CTF but work/other stuff got in the way.

I post this challenge mostly because it was really funny to me, and kinda technical (what more could a nerd ask for?). Due to this challenge not being incredibly complicated I’m just going to post my process in pictures and explain it at the end.

The Challenge

Selection_019

Selection_011

Selection_012

Selection_013

Selection_014

Selection_015

Selection_016

Selection_017

Selection_018

mandatory@mandatorys-box:~$ python -c "print 'A' * 32 + '/etc/passwd' + '\x00'" | nc 88.198.89.218 1024

Basically, I absent mindedly filled the first input with a bunch of “A”s (thinking this was a stack overflow thing) and overflowed the filename. After I figured out what was happening I padded with 32 bytes and added a filename (/etc/passwd) and a null byte to terminate the string. Tada, we have a printout of the /etc/passwd file with the key in it. This exploits what was supposed to show the doge face from “ascii_art_doge_color.txt” and instead showed the /etc/passwd file.

Wow. Much challenge. Very Binary.

About the Author

Matthew Bryant (mandatory)

Matthew Bryant (mandatory)
Security researcher who needs to sleep more. Opinions expressed are solely my own and do not express the views or opinions of my employer.
Follow @mandatoryprogrammer
Read More

"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains

**NOTE:** *If you're just looking for the high level points, see the"[The TL;DR Summary & High-LevelPoints](#the-tldr-summary--high-level...… Continue reading

Video Downloader and Video Downloader Plus Chrome Extension Hijack Exploit - UXSS via CSP Bypass (~15.5 Million Affected)

Published on February 22, 2019

Kicking the Rims – A Guide for Securely Writing and Auditing Chrome Extensions

Published on June 12, 2018