Skip to content

Instantly share code, notes, and snippets.

View comawill's full-sized avatar
💻

Sebastian Willenborg comawill

💻
View GitHub Profile
@comawill
comawill / redirect.http
Last active July 10, 2016 13:16
trendyweb writeup
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: ftp://hostname:8089/test.php

Writeup net300 (ebCTF teaser 2013)

by tsuro and comawill (Stratum 0 https://stratum0.org)

Step 1: Reverse engineering

Here is what the program does:

  • It opens an socket(AF_INET, SOCK_RAW, 0xfe)
  • and waits with an resvmsg for incoming packets
  • each packet will be 'parsed' (extracts source_addr of the packet and skips the remaining part)
  • expexts the first four bytes of the payload as length of payload - 4