Google CTF 2018
Admin UI
The command you just found removed the Foobanizer 9000 from the DMZ. While scanning the network, you find a weird device called Tempo-a-matic. According to a Google search it’s a smart home temperature control experience. The management interface looks like a nest of bugs. You also stumble over some gossip on the dark net about bug hunters finding some vulnerabilities and because the vendor didn’t have a bug bounty program, they were sold for US$3.49 a piece. Do some black box testing here, it’ll go well with your hat.
nc mngmnt-iface.ctfcompetition.com 1337
You can find all my CTF solutions here
First review
Important Release notes: -Fixed path traversal bug and Rollback of version 0.2
I think this program has path traversal bugs.
I tried some paths, but I think I couldn't find the true path.
This program opens a given path. If I were to rewrite this code in C, the code would actually use fopen("Version0.2", "r");
On Ubuntu, if you open the /proc/self/cmdline directory with any editor or program, it returns the program name.
Also, /proc/self/maps shows the full directories in memory.
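The pattern described above, a service calling fopen() on a path the client supplies without checking it, is the classic path traversal bug: "../" sequences or an absolute path like /proc/self/maps walk out of the intended directory. The following is an added example, not the challenge binary's code (which was not available), showing how a C service could validate such a path before opening it: a lexical check that rejects absolute paths and any ".." that climbs above a fixed base directory, followed by a realpath() check so a symlink inside the base cannot escape either. The base directory /srv/tempomatic and the function names are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lexically join a user-supplied relative path onto a fixed base directory,
 * resolving "." and ".." without touching the filesystem.
 * Returns 1 and writes the joined path to `out` when the result stays inside
 * `base`; returns 0 when `rel` is absolute, climbs above `base`, or is too long.
 * `base` is assumed to be a dedicated directory (not "/") without a trailing slash. */
int resolve_under_base(const char *base, const char *rel, char *out, size_t outlen)
{
    if (rel[0] == '/')                       /* absolute paths are never accepted */
        return 0;

    size_t baselen = strlen(base);
    if (baselen + 1 >= outlen)
        return 0;
    memcpy(out, base, baselen);
    out[baselen] = '\0';
    size_t len = baselen;                    /* current length of out; never shrinks below baselen */

    char copy[PATH_MAX];
    if (strlen(rel) >= sizeof copy)
        return 0;
    strcpy(copy, rel);

    char *save = NULL;
    for (char *tok = strtok_r(copy, "/", &save); tok != NULL; tok = strtok_r(NULL, "/", &save)) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {
            if (len == baselen)              /* ".." at the base boundary would escape it */
                return 0;
            while (len > baselen && out[len - 1] != '/')
                len--;                       /* strip the last component ... */
            if (len > baselen)
                len--;                       /* ... and the '/' that preceded it */
            out[len] = '\0';
            continue;
        }
        size_t toklen = strlen(tok);
        if (len + 1 + toklen >= outlen)
            return 0;
        out[len++] = '/';
        memcpy(out + len, tok, toklen);
        len += toklen;
        out[len] = '\0';
    }
    return 1;
}

/* Open `rel` for reading only if it resolves, symlinks included, to a file
 * inside `base`. The lexical check stops "../" climbing; the realpath() check
 * stops a symlink placed inside base from pointing at /proc/self/maps or
 * anything else outside it. Returns NULL on any rejection or open failure. */
FILE *safe_fopen(const char *base, const char *rel)
{
    char joined[PATH_MAX], real[PATH_MAX], realbase[PATH_MAX];

    if (!resolve_under_base(base, rel, joined, sizeof joined))
        return NULL;
    if (realpath(base, realbase) == NULL || realpath(joined, real) == NULL)
        return NULL;                         /* base missing or target does not exist */

    size_t n = strlen(realbase);
    if (strncmp(real, realbase, n) != 0 || (real[n] != '/' && real[n] != '\0'))
        return NULL;                         /* resolved outside base after following symlinks */
    return fopen(real, "r");
}

int main(void)
{
    const char *base = "/srv/tempomatic";   /* constructed base directory, not from the challenge */
    const char *attempts[] = { "Version0.2", "./logs/../Version0.2",
                               "../../../proc/self/cmdline", "/proc/self/maps" };
    char out[PATH_MAX];
    for (size_t i = 0; i < sizeof attempts / sizeof attempts[0]; i++) {
        int ok = resolve_under_base(base, attempts[i], out, sizeof out);
        printf("%-28s -> %s\n", attempts[i], ok ? out : "REJECTED");
    }
    return 0;
}
```

The lexical check alone is not enough on a real filesystem, which is why safe_fopen() re-checks the prefix after realpath(): a symlink such as base/latest -> /proc/self would pass the string check but fail the resolved one. Keeping the base directory dedicated to the files the service is meant to serve, and running the service as an unprivileged user, limits what an attacker gains even if a check is bypassed.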
After that I dumped the file to hex. When I dove into the hex file with a hex editor, I found some flag, ctf and password words. But /.flags looks like a directory.
When I tried to run ./flag in the same directory, I found the flag 🙂
CTF{I_luv_buggy_sOFtware}