After closer inspecting the HTTP packets we noticed the server was running Ruby on WEBrick and a Set-Cookie header was set.
Requesting the index page gave us the following Cookie:
This weekend a few of us had some good fun with the defcon 19 CTF prequals. Here’s a short write-up of Pwtent Pwnables 200.
$ file pp200.elf pp200.elf: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), stripped $ wtfux... ; strings pp200.elf -bash: wtfux...: command not found .. @(#)SunOS 5.10 Generic January 2005 $ A-h4!@#%
So we’re dealing with a SunOS/Solaris x86_32 binary here. Time to quickly deploy an Opensolaris VM and see if we can interactively debug this rather than dry reverse it.. Turns out this wasn’t really needed, the code is quite basic, but having an actual environment did help.