Open Pit

Author

Stäbchenfisch

Challenge Text

I can't stand these craters that surface mines put in our landscape. It's time to stop them. I've managed to acquire the software running on their servers. Maybe you could use that to get in and disturb their operations?

Challenge Idea

Use timing information leaked by a hidden profiler to recover an aes key. (crypto + reversing)

Status

Ready with working exploit

Reviewers

dezk, pspaul (I think. Don't know the names that well yet :P)

Setup

Compiling the Sources:

meson build
ninja -C build
strip build/open_pit

The resulting binary is needed for deployment and should be published with the challenge.

Run the binary:

socat tcp-listen:1337,reuseaddr,fork exec:"./open_pit"

Administration

Hardware Requirements

Number of cores: 4
RAM: 1 GB

Environment / Permissions

Distro: Arch
Requires write access to /tmp: no

Solution

See solution/automated_attack.py

Difficulty

Medium

Flag

flag{If_coal_is_so_bad_for_the_environment_why_dont_we_just_burn_it_all?!?}

1.1 KiB Raw Permalink Blame History