Skip to content
This repository has been archived by the owner on Feb 28, 2018. It is now read-only.
/ faustctf-2017-smartmeter Public archive

FAUST CTF 2017 service "SmartMeter"

2017.faustctf.net

License

ISC license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fausecteam/faustctf-2017-smartmeter

BranchesTags

Repository files navigation

SmartMeter

This is the source code for the "SmartMeter" service from FAUST CTF 2017.

As it was written for a CTF service, the code is deliberately insecure and contains exploitable bugs. It is provided for educational purposes only, do not even think about (re-) using it for anything productive!

The code is released under the ISC License, see LICENSE.txt for details.

Example Exploits

  • The files retdeobfu.py, smartmeter.py and reanalyze.py show how a IDA Python script could deobfuscate the binary. They don't actually correctly deobfuscate though, because we stopped at the point where we'd shown that and how it's possible.
  • The file sql_injection.py performs a blind SQL injection to steal all currently stored flags.
  • The file dir_traversal.py uses a directory traversal to steal the database of the toaster service.
  • The file buffer_overflow_chall.py exploits a buffer overflow to execute a ROP chain that calls system() to dump all flags from the database over the existing TCP connection (but necessarily without the TLS tunnel). Please note that this script was developed for a different compile run than the actual CTF, so the exact addresses for the ROP chain are likely to be slightly different.

About

FAUST CTF 2017 service "SmartMeter"

2017.faustctf.net

Topics

c kore internet-of-things capture-the-flag power-meter ctf-challenges

Resources

Readme

License

ISC license
Activity
Custom properties

Stars

1 star

Watchers

7 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages