Posts

Showing posts from June, 2017

backdoor CTF evil

Hi, today we are going to solve a CTF challenge. Let us quickly read it: link. Cool, it's a service on port 9007. Now it's time to read the source code.

Now we are going to explain how the code flow works. The flag is defined as a variable, and so is super_secret_code. That is part one. Part two is the condition flow: first, guess takes its input using Python's input and is compared with super_secret_code. If the condition is true, it prints the flag.

OK, that is the flow. Now it's time to identify the weakness. In the previous Python version (Python 2), input acts like eval(raw_input()). As we know, eval is a function that evaluates a string of text passed as its parameter, accepting a possible second argument for the global values to use during evaluation. Through this we can read super_secret_code by typing its name at the prompt: input reads the variable, saves its value in guess, and that value is used in the if statement.

A quick example: you see we enter secret again. Now let us print g to see what is inside it. Nice.
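The flow described above, as an added example that is not the challenge's source or code from the original post: it emulates the Python 2 input() behaviour with eval so it runs on Python 3, and sets the eval-based check beside a fixed one that treats the typed line as data. The variable values and the function names py2_input, check_vulnerable and check_hardened are assumptions made for illustration.

```python
import hmac

# Constructed stand-ins for the challenge's variables (values are made up).
flag = "FLAG{constructed-example}"
super_secret_code = "s3cr3t-constructed"


def py2_input(line, scope):
    """Emulate Python 2's input(): evaluate the typed line as an expression."""
    return eval(line, scope)  # the weakness: user text is run as code


def check_vulnerable(line):
    """Challenge-style check: guess comes from the eval-based input()."""
    scope = {"super_secret_code": super_secret_code, "flag": flag}
    try:
        guess = py2_input(line, scope)
    except Exception:
        return None  # a line that is not a valid expression simply fails
    return flag if guess == super_secret_code else None


def check_hardened(line):
    """Fixed check: the line stays a string (raw_input in Python 2,
    input in Python 3) and is compared in constant time."""
    guess = line.strip()
    same = hmac.compare_digest(guess.encode(), super_secret_code.encode())
    return flag if same else None


if __name__ == "__main__":
    # Typed lines: an unknown name, a wrong string literal, the variable name.
    for typed in ("wrong", "'wrong'", "super_secret_code"):
        print(repr(typed), check_vulnerable(typed), check_hardened(typed))
```

Only the eval-based check accepts the variable name, because the name is resolved to the secret's value before the comparison runs.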