dc2021q - pza999

by mike_pizza

This was a jeopardy challenge, part of dc2021q.

This challenge was represented as 💫
Points: 500

Description

OOO Corp is proud to unveil the PZA999, a new top-of-the-line ethernet device. Before these devices are available for purchase, we've provided our developer environment to download. Inside you'll find everything you need to get started, a PZA999 emulator and the source code for our PZA999 driver. Make a TCP connection to the IP and port below to receive instructions on how to connect to a remote PZA999. Flag is in /root/flag

This challenge presented players with a vulnerable network driver, a made-up emulated networking device (the PZA999, implemented in QEMU), and a small TFTP server. Source for the network driver was provided during the game, while QEMU and the TFTP server were given as non-stripped binaries. The goal was to compromise the remote kernel and achieve enough code execution to read /root/flag. Players could interact with the remote instance through a TFTP server listening on port 5556, this TFTP server was running as root, so compromising this service effectively would allow the player to read the flag.

The files released during the game are available at https://github.com/o-o-overflow/dc2021q-pza999-public/raw/main/service/pza999.tgz

This challenge had special hosting during the competition, and we don't currently support spawning VMs for it :(
See the source repository for more info.

Hints

None yet :(
If you wish, you can contribute some.

Source

Spoilers ahead! Code for this challenge is publicly available. Files available to players during the game: https://github.com/o-o-overflow/dc2021q-pza999-public/raw/main/service/pza999.tgz