CSAW CTF Quals 2014 - bo (100pts) writeup

The challenge description was: exploit this

This challenge was free points for everyone to get started:

mrt:~/csaw$ file bo
bo: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x2e3f8e69d13dd81d59ea63c9193dadcd8c8c73aa, not stripped

mrt:~/csaw$ strings bo
/lib/ld-linux.so.2
__gmon_start__
libc.so.6
_IO_stdin_used
setuid
socket
vasprintf
exit
htonl
htons
srand
fork
time
__stack_chk_fail
listen
getpwnam
bind
chdir
read
setgroups
dup2
setsockopt
alarm
freeifaddrs
getifaddrs
__sysv_signal
close
open
accept
getdtablesize
errx
setgid
strcmp
__libc_start_main
write
free
GLIBC_2.3
GLIBC_2.4
GLIBC_2.0
PTRh
=~~~~v
UWVS
[^_]
Welcome to CSAW CTF!
Time to break out IDA Demo and see what's going on inside me. :]
flag{exploitation_is_easy!}
Unable to set SIGCHLD handler
Unable to create socket
Unable to set socket reuse option
Unable to bind socket
Unable to listen on socket
Unable to find user
Unable to remove extra groups
Unable to change GID
Unable to change UID
Unable to change current directory
/dev/urandom
;*2$"

No need to break out IDA: the flag is hardcoded into the binary and shows up in the strings output.

We got our flag:

exploitation_is_easy!
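
The same check as a script, added here as an example and not part of the original writeup: it extracts printable runs the way strings does and reports any flag-shaped value with its offset, which also works as a pre-release scan for secrets left in a build artifact. The flag{...} pattern, the function names and the sample bytes are assumptions constructed from the output shown above.

```python
import re

# Printable runs as strings(1) sees them: tab plus space through tilde.
PRINTABLE_RUN = re.compile(rb"[\t\x20-\x7e]{4,}")  # 4 = strings' default minimum length

# Assumed flag format, taken from the flag{...} string in the output above.
FLAG_PATTERN = re.compile(r"flag\{[^}]+\}")


def extract_strings(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, text) for every printable run, like `strings -t d`."""
    return [(m.start(), m.group().decode("ascii")) for m in PRINTABLE_RUN.finditer(blob)]


def find_embedded_flags(blob: bytes) -> list[tuple[int, str]]:
    """Return (offset, flag) for each flag-shaped value embedded in the blob."""
    hits = []
    for offset, text in extract_strings(blob):
        # Search inside the run: a printable code byte may sit directly
        # in front of the secret and become part of the same run.
        for m in FLAG_PATTERN.finditer(text):
            hits.append((offset + m.start(), m.group()))
    return hits


# Constructed sample: a few strings from the output above, separated by
# non-printable bytes the way header and code bytes would separate them.
SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"Welcome to CSAW CTF!\x00"
    + b"\x55\x89\xe5\x83\xec\x18"
    + b"flag{exploitation_is_easy!}\x00"
    + b"Unable to find user\x00"
    + b"/dev/urandom\x00"
)

if __name__ == "__main__":
    for offset, flag in find_embedded_flags(SAMPLE):
        print(f"offset {offset}: {flag}")
```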