code and exploit for 33C3 CTF task 'coercive'
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
exploit
scripts
src
static/css
template
.dockerignore
.gitignore
Dockerfile
LICENSE
Makefile
README.md
Setup.hs
deploy_key
deploy_key.pub
flag
gibe_flag_plx
gibe_flag_plx.c
make_package.sh
stack.yaml
test.sh
the-one-and-only-coercive.cabal

README.md

Setup

To get the code:

$ git clone git@github.com:niklasb/coercive
$ cd coercive

Running

We use docker for easy deployment:

$ docker build -t niklasb/coercive .
$ docker run -p 7777:7777 -it niklasb/coercive

Press ^P^Q to detach. The web server is running on port 7777. Temporary files that are older than 5 minutes will be deleted regularly.

The deployment can update itself via git. For that it uses a deployment SSH key to pull from git@github.com:niklasb/coercive.

TODO

  • Revisit interpolation logic in Report.hs to close any potential security holes
  • Upgrade to GHC 8.0! 7.8 and 7.9 have seem to have some serious problems with the type checker. Hopefully nobody looks at this too closely.