Cyber Apocalypse 2022 — Space Pirate: Going Deeper

Going Deeper is a Pwn Challenge from Cyber Apocalypse 2022 and has the following description:

Decompiling

After decompilation with Ghidra there was an interesting function called admin_panel. It contains a subsroutine which checks for a specific input:

Exploiting

To exploit the challenge we had to start the instance and connect to it via Netcat. I have wrote the following script, which connects to the service and sends the string in line 29 to the service after selecting “Login” option:

Then I have run the script with Python 2:

python2 exploit_remote.py

And was able to receive the flag:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store