Play this short game to get familiar with terminal applications and some of the most important rules in scope for picoCTF. Connect to the program with netcat: $ nc verbal-sleep.picoctf.net 55716
In this challenge, we are given an attached file main.rs. Itโs a Rust script that decrypts the flag but has some syntax errors that need to be fixed. The first thing that stands out, even without running the program, is that thereโs a missing ; at the end of the line:
1
letkey=String::from("CSUCKS")
Aside from that, there are even some comments that serve as hints: / How do we return in rust?, // How do we print out a variable in the println. Letโs move on to the next phase.
๐ฏ Solution Path
Exploitation Steps
Exploitation
For the exploitation, I simply fixed the errors indicated by the comments. For the first one, I just added a ;:
1
letkey=String::from("CSUCKS");
For the second one, in Rust, return is used, not ret, so I simply changed ret to return;. For the last comment, I just added the decrypted_buffer variable in the println output:
1
2
3
4
println!("Decrypted flag: {}",// Use {} to print the variable
String::from_utf8_lossy(&decrypted_buffer));
Then, I built and ran the program:
1
2
cargo build
cargo run
Which printed the flag.
๐ ๏ธ Exploitation Process
Approach
The procedure has already been described, so Iโll just leave the final file here:
