It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

For day two, I’ll be talking about the harder Toaster Wars problems from PicoCTF 2017: TW_GR_E3_GtI and TW_GR_E4_STW.

It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

I’ll be going in order, so to start off, today I’ll be talking about the first the first two problems from PicoCTF 2017: TW_GR_E1_ART and TW_GR_E2_EoTDS.

With 30,000,000 weekly downloads, it’s reasonable to expect that qs has been written from the ground up to be efficient, secure, and robust. Unfortunately, as is often the case with small projects that become unexpectedly big, it is plagued by legacy options and sibylline code. Without understanding how it really works, it is incredibly difficult to use safely.

This problem provided us with both a site and a download with a handful of files including a query binary and a Dockerfile.

Starting with the site, it seemed to be a basic search of some kind, though it filters out anything that’s not alphabetic. (For example, searching 1 seems to dump the entire DB.) Nothing particularly useful there.

Next we chose to take a look at that Dockerfile.

As the Vegas festivities wrap up, I once again have an opportunity to reflect on the year’s biggest CTF and the culmination of my time as an undergraduate with the Plaid Parliament of Pwning. I’m looking forward to playing with them as an alumni, but now is a good time for me to share some of my thoughts with the rest of the community and to hear what everyone else is thinking.

With that in mind, let’s talk DEF CON!