Going Deeper is a Pwn Challenge from Cyber Apocalypse 2022.
Decompiling the binary with Ghidra revealed an interesting function called admin_panel. It contains a subroutine which checks for a specific input:
To exploit the challenge we had to start the instance and connect to it via Netcat. I wrote the following script, which connects to the service and sends the string in line 29 to the service after selecting the “Login” option:
Then I ran the script with Python 2:
And was able to receive the flag: