BX02 - 100pts
Last updated
Was this helpful?
Last updated
Was this helpful?
Access the network service at url:
cfta-bx02.allyourbases.coport:8013and find a way to get the flag.
It doesn't matter what input we give the service. It always tells us DEBUG: Input length too large. So, the first step is to see if we can find an input that is not too large. I wrote a Python to try every printable ascii character.
The finds that # is the only printable ASCII character that is considered short enough.
I tried sending a lot of #s by running python -c "print('#'*4000)" | nc cfta-bx02.allyourbases.co 8013 and got this error ERROR: Expected userID Variable of 1..
Maybe this service is vulnerable to a buffer overflow. Let's try to find an offset using a script similar to the one used for . The next stage of does this. It keeps sending more and more #s until the message ERROR: Expected userID Variable of 1 is shown. The offset is found to be 2005.
A buffer overflow is successful. The final payload is: python -c "print('#'*2005+'1'*30)" | nc cfta-bx02.allyourbases.co 8013. The 30 1s is arbitrary. I tried one 1 and nothing changed so I tried 30 and it worked.
ThIsOneIsAbITFuZZy-6y