Teaser Dragon CTF 2019 - rms

Sep. 26th, 2019 11:04 pm
mephi42: (Default)
[personal profile] mephi42
Convince rms.hackable.software:1337 (binary) to download http://127.0.0.1:8000/flag


Naive attempts fail with "localhost not allowed". A quick look with angr-management shows that the check is performed by calling gethostbyname2(AF_INET6) (with fallback to gethostbyname2(AF_INET4)) followed by comparison with inaddr6_loopback or 127.* depending on which of the two calls succeeded.

A way around is to use hostname 0. It resolves to IPv4 address 0.0.0.0, which is not matched by either check, but will represent the current host when passed to connect().
  • Add Memory
  • Share This Entry
This account has disabled anonymous posting.
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting
 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

mephi42: (Default)
mephi42

September 2019

S M T W T F S
1234567
891011121314
15161718192021
22232425 262728
2930     

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 8th, 2025 02:44 pm
Powered by Dreamwidth Studios