@cR0w @ryanc I might still have that challenge in an archive somewhere... I should check.
kajer (kajer@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:25:16 JST
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:06:39 JST
Was there a directory traversal bug in a major product or service this week?
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:13:19 JST
@cR0w thanks, I was trying to figure out what happened based on the memes...
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:15:09 JST
@cR0w while I'm here... the first year I was involved in running openctf at DEFCON, we did a retro themed contest, complete with dialup.
One of the challenges was a gopher server with a directory traversal bug. The bug was announced, but a PoC was never released because 30 years ago that wasn't generally done or something.
It was painful seeing people struggling to pwn it
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:21:12 JST
@kajer @cR0w yeah it was literally just a ../ thing if I remember correctly.
kajer (kajer@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:21:13 JST
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:25:15 JST
@kajer @cR0w I remember having to patch it to get it to compile on a modern system
kajer (kajer@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:28:22 JST
@ryanc @cR0w That sounds right... We wanted the 90's era gopher but running on FreeBSD 11
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:28:22 JST
kajer (kajer@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:33:53 JST
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 07:33:59 JST
@kajer @cR0w found it. gopher 1.12S from University of Minnesota, and it looks like I changed less than a dozen lines of code 🤯
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 31-Jul-2025 23:56:58 JST
kajer (kajer@infosec.exchange)'s status on Thursday, 31-Jul-2025 23:56:59 JST
Lame, the OCTF zVOL is for the 2018 contest, not the 2014 contest... I mean, it makes sense since 2014 was largely infrastructure... 96 POTS lines wasn't going to spawn from a VM
kajer (kajer@infosec.exchange)'s status on Friday, 01-Aug-2025 01:52:20 JST
@ryanc @cR0w I know at least one of those challenges has hello.jpg as a dependency