Sheet 4

PABE Exercise Sheet 4

General Information

All solutions must be created with Python 3. If you are new to Python 3 have a look online… there are many good resources to get started such as this course, this blog post and this slide deck. Feel free to post other resources to the mailing list to help other PABE students.

Please keep in mind that you should:

read the task description carefully
push all your changes to the GitLab repository (master branch) before the deadline. Make also sure that the file permissions are set correctly! If you are new to Git check out this site!
make sure that your solution (also) runs on the virtual machine (and not just your local machine); this also means that you must install all additional packages yourself from within the solution script (e.g., os.system("pip install --user -r requirements.txt"))
make sure that the solution is an executable script named solution (chmod +x ./solution) with a working shebang line at the top (e.g., #!/usr/bin/env python3) so that it can be executed like this: ./solution (do not name your script solution.py, Solution, solution.sh, … just solution)
the final solution string, and only that, must be written to stdout and could be a number, a string, a string with the format FLAG{some letters and digits here}, depending on the specific task

describe what you are doing using detailed comments for all your solution scripts! For example, use Docstrings (link) or inline comments:

1
2
3
4
5
6
7
8


def check_input_length(input_string):
    """
    The input string must have a length greater than 42 and must also be even.
    """
    length = len(input_string)

    # the final check happens here
    return (length > 42) and (length % 2 == 0)

This helps us to find out if you really understood the task and you are not just brute-forcing some solutions. Please do not leave any commented code (i.e., code that is not needed to solve the task) in your solution files!

make sure that your solution executes within 10 seconds (this is a hard timeout on our server)
All exploit scripts must be written as Python 3 scripts using the pwntools library (from pwn import *)! Use the recvuntil("string goes here") function to keep everything in sync. Otherwise you may send data faster than the server expects it and the exploit might not work. Most of the solution files we provided also include the possibility to debug your exploit by providing the GDB parameter to your solution script, i.e. ./solution GDB. Make use of this feature to test your exploit! We suggest that you use a tmux session to debug your exploit which provides a convenient split view. IMPORTANT: do not remove or modify any of the template code since we also use the GDB feature to debug your solutions (in the rare case your exploit does not work ;-)). You surely can add the code for your exploit. If you need to change something for your tests just make a copy of the solution file and apply your changes there.
violating any of the points above might lead to reduced final points for the specific task!

The deadline for this sheet is Tuesday, 2021-01-26 23:59:59

Task 16 – Say my name! (2 Points)

We have reused code from an old authentication system. It seems like security was not that important in these days…

Can you check if the binary say_my_name has a vulnerability? If so, exploit it to make the binary print the flag. To do so, edit the provided solution template!

Where is the bug and how can it be fixed? Write the answer as a comment!