Skip to content

old school bbs system, with a bell 202 style modem frontend

Notifications You must be signed in to change notification settings

gerhy/dc2020q-mooodem-public

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DEFCON 2020 Quals MOOODEM

::::    ::::   ::::::::   ::::::::   ::::::::  :::::::::  :::::::::: ::::    :::: 
+:+:+: :+:+:+ :+:    :+: :+:    :+: :+:    :+: :+:    :+: :+:        +:+:+: :+:+:+
+:+ +:+:+ +:+ +:+    +:+ +:+    +:+ +:+    +:+ +:+    +:+ +:+        +:+ +:+:+ +:+
+#+  +:+  +#+ +#+    +:+ +#+    +:+ +#+    +:+ +#+    +:+ +#++:++#   +#+  +:+  +#+
+#+       +#+ +#+    +#+ +#+    +#+ +#+    +#+ +#+    +#+ +#+        +#+       +#+
#+#       #+# #+#    #+# #+#    #+# #+#    #+# #+#    #+# #+#        #+#       #+#
###       ###  ########   ########   ########  #########  ########## ###       ###

        w e l c o m e   t o   t h e   m o o o d e m   b b s   s y s t e m

This challenge is a simple service in the style of an old school BBS system, running on DOS, with a Bell 202 style modem frontend--players must interface with the service by sending and receiving audio.

  • gcc-ia16 toolchain is used to build the service
  • Service runs on DOS inside QEMU, communicates via serial port
  • minimodem is used to encode/decode

The service provides a file download function that allows users to download whitelisted files. Players are expected to download and reverse the binary of the service which is provided on a disk image that can be easily booted in QEMU.

Vulnerability

There is an unbound read in the bulletin listing functionality which allows an attacker to control the stack if they are able to get admin access and create a bulletin. Admin access is guarded by a hardcoded password in the binary.

Exploit

The reference exploit redirects control flow into the show_random_quote function at the point just before opening QUOTES.TXT, but instead of QUOTES.TXT it loads FLAG.TXT.

About

old school bbs system, with a bell 202 style modem frontend

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 78.0%
  • GDB 6.2%
  • Roff 4.6%
  • Shell 3.7%
  • Makefile 3.0%
  • Python 2.2%
  • Other 2.3%