Daniel Foudeh

I am a software engineer with a strong interest in cybersecurity. I enjoy participating in CTFs, and I play with team World Wide Flags.

smileyCTF 2025 - misc/ti-1983

We’re presented with a Flask web application that appears to be a calculator service. The calculator endpoint:

    def execute_code():
        code = request.values.get('code')
        output_tmpl = request.values.get('tmpl')
        if len(code) > 3 and any(c in code for c in "0123456789+*-/"):
            return render_error("This is a ~~Wendys~~ TI-84.")

Input code must be ≤3 characters, or, if longer than 3 characters, it cannot contain digits (0-9) or math operators (+*-/). User-provided code is inserted into code_tmpl.py. The code is executed in a sandboxed Python environment. The application uses os....

June 17, 2025

smileyCTF 2025 - web/dry-ice-n-co

We are given a Java Spring Boot web application. The website sells dry ice - we can purchase a flag that costs $1,000,000 but we only start with $100. The first vulnerability is with the admin check:

    if ((user.admin = true) && user != null && name != "flag") {
        availableProducts.add(new DryIceProduct(name, price, description));
    }

This uses assignment = instead of comparison ==, so user.admin is set to true for any user making a request....

June 16, 2025

Grey Cat the Flag 2025 - misc/countle-training-centre

The challenge presents a math game where we have to solve expressions to reach target numbers 1,1,000,000.

    ╔════════════════╗
    ║   Puzzle #1    ║
    ╚════════════════╝
    Target: 234
    Nums: 25 6 2 4 3 4

The actual challenge is escaping a python sandbox. Looking at the source:

    #!/usr/local/bin/python
    from re import match
    from sys import exit
    from time import sleep
    from countle_puzzle import generateSolvablePuzzle

    def format(s):
        return (s.replace('~E',"\033[0m").replace('~R',"\033[0;1;31m").replace('~N',"\033[0;1;7;31m")
                .replace('~w',"\033[7;37m").replace('~u',"\33[4;31m").replace('~Gr',"\33[0;90m").replace('~r',"\33[0;31m")
                .replace('~G',"\033[0;1;32m").replace('~B',"\033[1;34m")).replace('~W',"\033[1;4;37m")

    def banner():
        return format(r"""
        ~R( * ) ( )\ ` )\ /( )\ (((_) ( )(_))(((_) )\\~E___ ~R(~E_~R(~E_~R()) )\\~E___ ~R((~w/ __|~E ~w|_ _|~R((~w/ __|~E ~w| (~E__ ~w| |~E ~w| (~E ~w\___|~E ~w|_|~E ~w\___|~E
        ~RWelcome to the~E ~NCountle Training Centre!...

June 1, 2025

HTB Global Cyber Skills Benchmark 2025 - pwn/power-greed

Starting with the file and checksec commands, we see that we have a statically linked binary with all protections except PIE turned on.

    [d@d-20xxx10100 challenge]$ file power_greed
    power_greed: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=0b1f10b9e9720538e9c4a290c03cb9fe87a03401, for GNU/Linux 3.2.0, not stripped
    [d@d-20xxx10100 challenge]$ pwn checksec --file=./power_greed
    [*] '/home/d/Downloads/htb25/challenge/power_greed'
        Arch:       amd64-64-little
        RELRO:      Partial RELRO
        Stack:      Canary found
        NX:         NX enabled
        PIE:        No PIE (0x400000)
        SHSTK:      Enabled
        IBT:        Enabled
        Stripped:   No

We can trigger a buffer overflow, and it looks like there is no canary....

May 27, 2025

HTB Global Cyber Skills Benchmark 2025 - web/volnaya-forums

Volnaya Forums is a Next.js web application simulating a forum platform. The goal was to obtain the flag, which is only accessible to the admin user via the /api/auth endpoint. We are first presented with a login page, where we can create a new user and log in. The forum is filled with posts; we are not allowed to post, but we can report posts. We also have a user profile:...

May 27, 2025

UMDCTF 2025 - web/steve-le-poisson

Steve Le Poisson was a web challenge from UMD CTF 2025. The site plays a fun video of Steve. Once the video ends, we have a page with an input box. Let's take a look at the given source:

    // 📦 Import the modules needed to run our digital underwater world
    const express = require("express"); // Express, the minimalist but powerful web framework
    const sqlite3 = require("sqlite3"); // Raw SQLite, for lightweight databases
    const sqlite = require("sqlite"); // A modern (promise-friendly) interface for SQLite
    const cors = require("cors"); // To let other domains talk to our server; Steve is sociable, but not too much

    // 🐠 Create the Express application: this is where the adventure begins
    const app = express();

    // 🧪 HTTP header validation function
    // Steve, a fish with heightened sensitivity, hates headers that are too long, ambiguous or mysterious
    function checkBadHeader(headerName, headerValue) {
        return headerName....

April 28, 2025

IrisCTF 2025 - misc/cobras-den

Cobra’s Den was a python jail escape challenge for IrisCTF 2025. What better way to start the new year than with a pyjail? Let's take a look at the code:

    # flag stored at 'flag' in current dir
    import builtins
    all_builtins = dir(builtins)
    filtered_builtins = {name: getattr(builtins, name) for name in all_builtins if len(name) <= 4}
    filtered_builtins.update({'print': print})
    whitelist = "<ph[(cobras.den)]+~"
    security_check = lambda s: any(c not in whitelist for c in s) or len(s) > 1115 or s....

January 6, 2025

World Wide CTF 2024 - pwn/white-rabbit

White Rabbit is a shellcode challenge I created for WWCTF 2024. I will walk you through the intended solution and share a very clever approach discovered by my teammate @Nosimue.

Overview

We are given a binary (white_rabbit) and a remote netcat endpoint. The first step is to analyze the binary’s protections using checksec:

    [d@d-20tk001gus challs]$ checksec --file=white_rabbit
    RELRO           STACK CANARY      NX            PIE          RPATH      RUNPATH      Symbols       FORTIFY  Fortified  Fortifiable  FILE
    Partial RELRO   No canary found   NX disabled   PIE enabled  No RPATH   No RUNPATH   31 Symbols    No       0          2            white_rabbit

NX Disabled: Allows execution of injected shellcode....

December 1, 2024

PwnSec CTF 2024 - rev/tiny

We are given a python file that contains the following (the long base64 payload is omitted here):

    _ = lambda __ : __import__('zlib').decompress(__import__('base64').b64decode(__[::-1]));exec((_)(b'<long base64 payload omitted>'))

Decompressing and decoding from base64, we see a similar string with decompress and b64decode instructions, meaning it has been encoded multiple times. I wrote a simple script to decode it (again with the payload omitted):

    import base64
    import zlib
    import re

    out = base64.b64decode(b'<long base64 payload omitted>'[::-1])
    out = zlib.decompress(out)
    while True:
        out = out[11:-3]
        #print(out)
        out = base64.b64decode(out[::-1])
        out = zlib.decompress(out)
        print(out)

And we get some python code:...

November 17, 2024

BlockCTF 2024 - pwn/echo2

We are given a binary with all protections turned on and the C source code.

    #include <fcntl.h>
    #include <stdio.h>
    #include <stdint.h>
    #include <stdlib.h>
    #include <unistd.h>

    void print_flag() {
        uint8_t flag_buffer[256] = {0};
        int fd = open("flag.txt", O_RDONLY);
        read(fd, flag_buffer, sizeof(flag_buffer));
        puts(flag_buffer);
        close(fd);
    }

    void do_echo() {
        uint8_t echo_buffer[256] = {0};
        gets(echo_buffer);
        printf(echo_buffer);
        fflush(stdout);
    }

    int main(void) {
        while(1) {
            do_echo();
        }
        return 0;
    }

There is a buffer overflow and a printf (format string) vulnerability in do_echo()....

November 11, 2024