As my second part of this write-up series, I will cover two relative small challenges that appeared in the qualifiers round of this year’s Cyber Security Challenge Belgium.
The idea was simple: someone had made an online C compiler, which could be used by sending C code to the server using netcat and you’d receive the response from the application.
Since this programming language is something I haven’t used in a couple years, I initially thought that this might be a hard challenge for me. However it turned out to be very easy.
As often with CTF’s, Google is your best friend and often being familiar with search terms and knowing what to search for is what will bring you to the top of the scoreboard. I think being able to use search engines properly is often a highly underrated skill in CTF’s and IT in general. I started searching along the lines of “Security issues compiling C” and I quickly found this thread on Stackoverflow: Is it dangerous to compile arbitrary C?
The answer on this user’s question basically gave me the solution to the challenge. Now it was just a matter of finding the file where the flag was located.