SShortSingh.
Back to feed

BroncoCTF 'Negative Bread' Challenge Solved via Signed Integer Flaw in Bank Binary

0
·1 views

A BroncoCTF challenge presented participants with a 64-bit ELF binary simulating a bank, where the goal was to raise a starting balance of $100 to $1,000,000 to unlock a flag. The binary contained a 'Dispute a Charge' feature that checked the absolute value of the input for bounds enforcement but applied the original signed integer directly to the balance. By entering a large negative number, the absolute value passed the magnitude check while the negative value was added to the balance, causing an integer underflow that pushed the balance past the winning threshold. This check-effect mismatch, combined with the absence of stack canaries, NX protection, or PIE, made the binary straightforward to exploit without advanced techniques like ROP chains. The unstripped binary also exposed a dedicated 'win' function that printed the flag once the balance condition was met, confirming the vulnerability required only a single malformed dispute input.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Cisco EEM: The On-Box Automation Engine Most Network Engineers Ignore

Embedded Event Manager (EEM) is an event-driven automation framework built into Cisco IOS, IOS-XE, and NX-OS that allows network devices to monitor and respond to events without any external server or orchestration platform. The framework operates on a simple model: when a defined event occurs, the device automatically executes one or more configured actions, packaged together as an 'applet.' EEM can respond to a wide range of triggers including syslog patterns, SNMP threshold breaches, CLI commands, timers, and interface counter changes. Its key advantage over external automation tools is independence — it continues to function even when the WAN is down, the network management system is offline, or remote access is unavailable. This article is the first in a five-part series aimed at helping network engineers move beyond basic port-recovery use cases and unlock the broader capabilities of on-box automation.

0
ProgrammingDEV Community ·

Fan Builds GeoGuessr-Style Browser Game for Super Mario Odyssey

A developer has created OdysseyGuessr, a browser-based game inspired by GeoGuessr that tests players' memory of Super Mario Odyssey's in-game worlds. Players are shown a screenshot from one of the game's Kingdoms and must pin the correct location on a map, with precision determining the score. The game supports both single-player modes with customizable rounds and real-time multiplayer featuring a 5,000 HP battle system. Community members can submit locations, which are reviewed through built-in admin moderation tools. OdysseyGuessr is an unofficial fan project with no affiliation to Nintendo and is currently available to play in the browser.

0
ProgrammingDEV Community ·

Developer Builds Real-Time Solana-Snowflake Pipeline to Score World Cup Fan Conviction

A developer created FERVOR, a real-time conviction oracle that tracks World Cup fandom by analyzing on-chain wallet behavior across 16 country tokens on Solana. The system ingests live swap and transfer data via Helius, processes it through a six-stage pipeline using Snowflake Dynamic Tables and Cortex ML, and writes computed scores back to a Solana devnet oracle account every five minutes. Conviction is measured by metrics such as how long wallets hold a team's token, with Argentina currently leading at an average hold time of 109 days. The project was built as a Weekend Hackathon submission targeting best use of both Snowflake and Solana, demonstrating a bidirectional data loop between the two platforms. A live Streamlit-in-Snowflake dashboard surfaces analytics including anomaly detection, forecasts, and AI-generated briefs without requiring external hosting.

0
ProgrammingDEV Community ·

BroncoCTF 'Lovely Login' Challenge Solved via robots.txt Leak, Not Injection

A Capture The Flag web challenge called 'Lovely Login' featured a login form backed by an Express API that appeared vulnerable to NoSQL operator injection, but server-side type-checking blocked all such attempts. The real vulnerability was discovered through standard web reconnaissance: the site's robots.txt file contained a disallowed path pointing to an internal documentation page at /security, along with a base64-encoded string that decoded to a list of valid usernames. The /security page revealed that user passwords were simply the reverse of their usernames — a predictable, non-random derivation scheme. Combining the decoded username list with this logic immediately produced valid credentials for the admin account. The root cause was twofold: sensitive internal notes were left publicly accessible in production, and robots.txt was mistakenly relied upon as an access control mechanism rather than a mere crawler directive.

BroncoCTF 'Negative Bread' Challenge Solved via Signed Integer Flaw in Bank Binary · ShortSingh