mayor_sett3r

remote applications

LLM

command injection

Competetion

iCTF24

Challenge Author

ilgris

Date

Jan. 16, 2025

The app talks back. Use it to find the flag.

Hints

None

Solution

We are given an application we can use via netcat. It's an LLM that repeats your input. ![](/media/writeup_images/iCTF24/mayor_sett3r/2025-01-15-22-22-16_mayor_sett3r_.png) After some experimentation, I figured out I could execute bash commands by escaping the string. ![](/media/writeup_images/iCTF24/mayor_sett3r/2025-01-15-22-24-26_mayor_sett3r_.png) From here, I could read the source code and figured out that it actually was a format string vulnerability. The flag was hardcoded in the source. ![](/media/writeup_images/iCTF24/mayor_sett3r/2025-01-15-22-25-15_mayor_sett3r_.png)