Domain name resolver
10
points
Easy
Check IP of your favorite domain.
nc rivit.dev 10004
Flag
Top10
Rating
4.66
Discussion
- For those who want a hint, Decompile the source code you will find what is happening under the hood,
- See what command it's trying to execute and learn about that command.
- After finding the command, try how can you inject commands with that
0
eazy if somebody needs help just let me know
0
the solution is soo dumb.. i was stuck at this challenge for 3 days.. thought of some complex stuff.. in 10 point challenge.. but no.. the answer is simple and very very dumb.. anyone wanting hints... well.. no hints do it yourself.. its very easy
btw.. nice challenge.. researched and learnt a lot.. Thankyou..
1
hint please
0
the solution is soo dumb.. i was stuck at this challenge for 3 days.. thought of some complex stuff.. in 10 point challenge.. but no.. the answer is simple and very very dumb.. anyone wanting hints... well.. no hints do it yourself.. its very easy
btw.. nice challenge.. researched and learnt a lot.. Thankyou..
1
2 months ago
If anybody face extreme problem !!! 1. use reverse engineering tool (Ghidra or binary ninja) , 2. After analyzing you will see , The program use the system call and use our input as it's argument/param without sanity check . For this , " command injection " can be applied 3. So , after nc in linux cat the flag ( ; cat flag.txt )