TYS 0x07 - onebyte to rule them all

• 2019-08-15 17:42
• TYS  
• network  
• password  
• onebyte  
• docker  

This post is part of the Test Your Skills series. You can find an introduction here. And an overview of all TYS’s currently available is over here.

Challenge

The goal of this challenge is to write a script/tool/exploit which successfully bypasses the login of the network enabled service running in the provided docker container - without changing the docker run command (run it exactly the way as shown below) or any of the scripts/files provided. Feel free to explore the container and take a closer look at the application binary.

Extract the tarball and run the following commands to get started:

e-axe@little0ne:~/TYS/tys_0x07_onebyte# docker load -i onebyte
 
# depending on your approach you might want to run disable_ASLR.sh before starting the container
e-axe@little0ne:~/TYS/tys_0x07_onebyte# ./run.sh
listening on [::]:31337 ...

Download tys_0x07_onebyte.tar.xz and get started!

Have fun hunting, feel free to post your approach / write-up and let me know if you have any questions, feedback or general comments in the respective twitter thread over here:
https://twitter.com/mytty_project/status/1162040256838979584

Verify the files you download with:

md5sum     858bc94e0c7ab4b6235dadea3f0842b1                                  cdn/tys/tys_0x07_onebyte.tar.xz
sha1sum    449db973ed1cccc6c1da9029e18cfbeca363efec                          cdn/tys/tys_0x07_onebyte.tar.xz
sha256sum  e257261995a384e35c06eb8ecbedfa4f201bdebf54d420aa9d53c3a27f8e9297  cdn/tys/tys_0x07_onebyte.tar.xz