Challenge 10

As we prepare for the beVX conference, we'll make a few online challenges available. Those who solve them (quickly enough) will get free entry tickets, flight and accommodations to the event.

 

Rules

  1. The challenge is to develop a working exploit that can exploit the vulnerability found inside the binary (attached below). You can write the exploit in any language you want.

  2. Once you have solved the challenge, email your full solution to ssd@beyondsecurity.com. The solution should include both the source code of the exploit you wrote and a binary you created from the exploit. Please provide full instructions on how to compile your exploit, what OS you used to compile it, etc.

 

Prerequisites

  1. The code was compiled under Ubuntu 14.04 (LTS); this is given as a reference rather than as a hint or part of the solution.

  2. If you are having issues reverse engineering the code, check that you have correctly identified the type of environment the code would run under.

 

Prizes

The prizes will be given to the first, second and third full and correct submissions sent to ssd@beyondsecurity.com; partial or incomplete solutions will not be counted until they are corrected. On the first day of the contest, it will be available only to HiTB participants (attending the event either with a ticket or without a ticket); if you feel you have solved it, send us an email and reach out to us at our booth at the event. From the second day onward, until 3 winners are found, it will be open to the public.

  1. The first place winner will get a round trip to Hong Kong (Coach), hotel accommodation and an entry ticket to the beVX Conference in September (valued at $3,000 USD).
  2. The second place winner will get a round trip to Hong Kong and an entry ticket to the beVX Conference in September (valued at $2,000 USD).
  3. The third place winner will get an entry ticket to the beVX Conference in September (valued at $1,000 USD).

 

Enjoy the challenge!

 

File

The binary is a 'server' which expects incoming connections. When an incoming connection occurs and a certain 'protocol' is implemented, it will print out 'All your base' and exit. Your challenge is to write an exploit that will cause the program to print out 'Belong to us!'.

How we will test the submissions:

  1. We will run the 'server'.
  2. We will run your script, in whichever programming language you wish to write it in. If you are going to provide a compiled binary, please provide the source code as well, or we will not judge your submission.
  3. We will monitor the output coming from 'server' for success, and then we will review your code to see if it's solving the challenge correctly.

# base64 cha10.zip
https://pastebin.com/HfDuyHh8