May the Fifth

Description

A zForth user has, for performance reasons, disabled ASAN and ZF_ENABLE_BOUNDARY_CHECKS, because according to him “setjmp/longjmp is disabled and that is good enough”. Can you prove him wrong by reading the contents of the file containing the flag?

Note: A simpler variant of this challenge is available here: May The Forth.

Files

docker-compose.yml
may-the-fifth
40.41 KiB – fa76a231cc48fd5387b56d85e7aeaa16e349d40dadf7beec4900b823d1d893b5
may-the-fifth-public.tar.xz
1.05 MiB – 101a75b5f64b73981e6a5dd6ec1069eef30a3d72581de51e22e86ea7532ebc13

Authors

cde

Cryptanalyse

Challenge Instructions

First, download docker-compose.yml:
curl https://hackropole.fr/challenges/fcsc2023-pwn-may-the-fifth/docker-compose.public.yml -o docker-compose.yml
Launch the challenge by executing in the same folder:
docker compose up
Then, in another console, access the challenge with Netcat:
nc localhost 4000

⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: e0295b314d376b5cc132776a9c93a446aa06d09d5725283a613acea6fe04747f

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.