TYS 0x07 - onebyte to rule them all
The goal of this challenge is to write a script/tool/exploit that successfully bypasses the login of the network-enabled service running in the provided Docker container, without changing the docker run command (run it exactly as shown below) or any of the scripts/files provided. Feel free to explore the container and take a closer look at the application binary.
Extract the tarball and run the following commands to get started:
e-axe@little0ne:~/TYS/tys_0x07_onebyte# docker load -i onebyte
# depending on your approach you might want to run disable_ASLR.sh before starting the container
e-axe@little0ne:~/TYS/tys_0x07_onebyte# ./run.sh
listening on [::]:31337 ...
Download tys_0x07_onebyte.tar.xz and get started!
Have fun hunting! Feel free to post your approach or write-up, and let me know if you have any questions, feedback or general comments in the respective Twitter thread over here:
Verify the files you download with:
md5sum 858bc94e0c7ab4b6235dadea3f0842b1 cdn/tys/tys_0x07_onebyte.tar.xz
sha1sum 449db973ed1cccc6c1da9029e18cfbeca363efec cdn/tys/tys_0x07_onebyte.tar.xz
sha256sum e257261995a384e35c06eb8ecbedfa4f201bdebf54d420aa9d53c3a27f8e9297 cdn/tys/tys_0x07_onebyte.tar.xz