Pwnables
PoliWars [484 points, 3 solves]
A not so long time ago, in a galaxy not so far away...
nc poliwars.chall.polictf.it 31337
Download: poliwars.tgz
Source code and author’s writeup: github
Pong (lvl 1) [418 points, 12 solves]
So much pixels and fun!
nc pong.chall.polictf.it 31337 or nc pong2.chall.polictf.it 31337
Download: pong.tgz
Source code and author’s writeup: github
Pong (lvl 2) [418 points, 12 solves]
Ready for another match? :P
nc pong.chall.polictf.it 31337 or nc pong2.chall.polictf.it 31337
Download: pong.tgz
Source code and author’s writeup: github
LameRMI [484 points, 3 solves]
Bill is a computer science student
Bill managed to lock himself out of his own vps again
Bill remembers that a small program he wrote to understand RMI is still running on the server, and that to get it working he
blindly copypasted snippets from stackoverflow and its professors slides
Maybe there's still hope of getting the flag he left there.
Please help Bill
lamermi.chall.polictf.it
Update: Pay attention that "http://" is not written anywhere (read the description!)
Update: I heard that Bill's security policy is not that strict...
Update: There's a webserver running on port 8000 as well. You may (or may not) need it.
Source code and author’s writeup: github, blog post
Status Box [120 points, 90 solves]
This Box memorizes a statuses sequence composed by a current status and all the previous ones. It already contains a small sequence of statuses, but you can show only the current one. You can set a new status, modify the current one or delete it: in this way the box goes back to the previous one in the sequence. The box can keep track of maximum 200 statuses. It seems just to work fine, even though we didn't test it a lot...;
nc statusbox.chall.polictf.it 31337
Server-side source code: statusBoxService.zip (the challenge was meant to be solved black-box: this file was not provided to the players!)
echo fail [349 points, 23 solves]
Can you hear me?
nc echo.chall.polictf.it 31337
Download: echo.tgz
Finally we met [500 points, 1 solve]
And finally we met.
nc finallywemet.chall.polictf.it 31337
Update: Updated binary
Download: met_new.tgz
Sources and author’s writeup: github
guessthenumber [0 solves]
Could you help us to guess the number?
nc guessthenumber.chall.polictf.it 8888
Download: guessthenumber.tgz
Sources and author’s writeup: github
EzWinShell [492 points, 2 solves]
Today getting a shell is as easy as 1,2,3
nc win.chall.polictf.it 31337
Update: So you have found three checks that must be set to 1 to pass, but seems that you can set only two of them... be smart and think out of the box.
Update: wait up to 30sec/2min for the shell to spawn if you are sure that everything is correct
Download: ezwinshell.tgz