bronies
Web (800 pts)
-------------------
We are trying to break into eXtreme Secure Solutions, where The Plague works as a system administrator. We have found that their internal company login page is at http://portal.essolutions.largestctf.com/. Recon has also revealed that The Plague likes to browse this site during work hours: http://126.96.36.199/ using the username ponyboy2004. Remember, our main target is to break into the company portal, *not* the pony site.

ezhp
Pwnables (200 pts)
-------------------
Luckily when you travel back in time, you still get to use all your knowledge from the present. With that knowledge in hand, breaking into this service (at 188.8.131.52:9174) owned by The Plague shouldn't be hard at all.

To set the picture, let’s identify the binary:

    izsh@box:~$ file ezhp
    ezhp: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x5fa5bd76db306497b549ea3b0466cd9e9afa2705, stripped
    izsh@box:~$ readelf -l ezhp | grep STACK
      GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
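
The `readelf -l ezhp | grep STACK` check above reads the flags of the PT_GNU_STACK program header; `RWE` means the stack is mapped executable. As an added example (not part of the original write-up), here is the same check done by parsing the ELF32 program header table directly. The function names are hypothetical and the sample image is constructed, not the ezhp binary.

```python
import struct

PT_GNU_STACK = 0x6474E551          # program header type readelf prints as GNU_STACK
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4   # p_flags bits; readelf renders them as "RWE"

def gnu_stack_flags(image: bytes):
    """Return p_flags of the PT_GNU_STACK entry in an ELF32 LSB image, or None if absent."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 1 or image[5] != 1:  # EI_CLASS = ELFCLASS32, EI_DATA = ELFDATA2LSB
        raise ValueError("only 32-bit little-endian ELF is handled")
    (e_phoff,) = struct.unpack_from("<I", image, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 42)
    if e_phnum and e_phentsize < 32:
        raise ValueError("program header entries too small")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 32 > len(image):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from("<I", image, off)
        if p_type == PT_GNU_STACK:
            return struct.unpack_from("<I", image, off + 24)[0]  # p_flags field
    return None

def flag_string(flags: int) -> str:
    """Render p_flags the way readelf does, e.g. 7 -> 'RWE', 6 -> 'RW '."""
    return "".join(c if flags & bit else " " for c, bit in (("R", PF_R), ("W", PF_W), ("E", PF_X)))

def stack_is_executable(image: bytes) -> bool:
    flags = gnu_stack_flags(image)
    # Assumption: a missing PT_GNU_STACK is reported as executable (legacy i386 default).
    return flags is None or bool(flags & PF_X)

def build_sample(stack_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed 84-byte ELF32 image (header + one program header); not the ezhp binary."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    return ehdr + struct.pack("<8I", p_type, 0, 0, 0, 0, 0, stack_flags, 4)

if __name__ == "__main__":
    for flags in (PF_R | PF_W | PF_X, PF_R | PF_W):
        img = build_sample(flags)
        print(flag_string(gnu_stack_flags(img)), "executable stack:", stack_is_executable(img))
```

A build linked with a non-executable stack shows `RW ` in the same column, which is the value to expect from a hardened binary.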