Pwnables

PoliWars [484 points, 3 solves]

A not so long time ago, in a galaxy not so far away...

nc poliwars.chall.polictf.it 31337

Download: poliwars.tgz

Source code and author’s writeup: github

Pong (lvl 1) [418 points, 12 solves]

So much pixels and fun!

nc pong.chall.polictf.it 31337 or nc pong2.chall.polictf.it 31337

Download: pong.tgz

Source code and author’s writeup: github

Pong (lvl 2) [418 points, 12 solves]

Ready for another match? :P

nc pong.chall.polictf.it 31337 or nc pong2.chall.polictf.it 31337

Download: pong.tgz

Source code and author’s writeup: github

LameRMI [484 points, 3 solves]

Bill is a computer science student
Bill managed to lock himself out of his own vps again
Bill remembers that a small program he wrote to understand RMI is still running on the server, and that to get it working he
blindly copypasted snippets from stackoverflow and its professors slides
Maybe there's still hope of getting the flag he left there.
Please help Bill

lamermi.chall.polictf.it

Update: Pay attention that "http://" is not written anywhere (read the description!)

Update: I heard that Bill's security policy is not that strict...

Update: There's a webserver running on port 8000 as well. You may (or may not) need it.

Source code and author’s writeup: github, blog post

Status Box [120 points, 90 solves]

This Box memorizes a statuses sequence composed by a current status and all the previous ones. It already contains a small sequence of statuses, but you can show only the current one. You can set a new status, modify the current one or delete it: in this way the box goes back to the previous one in the sequence. The box can keep track of maximum 200 statuses. It seems just to work fine, even though we didn't test it a lot...;

nc statusbox.chall.polictf.it 31337

Server-side source code: statusBoxService.zip (the challenge was meant to be solved black-box: this file was not provided to the players!)

echo fail [349 points, 23 solves]

Can you hear me?

nc echo.chall.polictf.it 31337

Download: echo.tgz

Finally we met [500 points, 1 solve]

And finally we met.

nc finallywemet.chall.polictf.it 31337

Update: Updated binary

Download: met_new.tgz

Sources and author’s writeup: github

guessthenumber [0 solves]

Could you help us to guess the number?

nc guessthenumber.chall.polictf.it 8888

Download: guessthenumber.tgz

Sources and author’s writeup: github

EzWinShell [492 points, 2 solves]

Today getting a shell is as easy as 1,2,3

nc win.chall.polictf.it 31337

Update: So you have found three checks that must be set to 1 to pass, but seems that you can set only two of them... be smart and think out of the box.

Update: wait up to 30sec/2min for the shell to spawn if you are sure that everything is correct

Download: ezwinshell.tgz

Sources and author’s writeup: github, blog post