hxp
2022
Join us on IRC! Libera Chat | #hxpctf - Stalk us on Twitter @hxpctf
browser_insanity
by sisu
Difficulty estimate: 
- medium
Points: round(1000 ยท min(1, 10 / (9 + [14 solves]))) = 435 points
Description:
Ever wanted to hack a tiny OS written in x86-32 assembly and C--? Me neither but it’s hxp CTF 2022.
Give us an URL, the user in the KolibriOS VM will visit it. You need to get the flag from /hd0/1/flag.txt
The source code you could get from https://repo.or.cz/kolibrios.git/tree/7fc85957a89671d27f48181d15e386cd83ee7f1a
The browser is at programs/cmm/browser in the source tree.
It relies on a couple of different libraries (e.g. programs/develop/libraries), grep around.
KolibriOS has its own debugger, DEBUG, available on the desktop. It may come in useful.
The kernel ABI is at kernel/trunk/docs/sysfuncs.txt
For building random pieces:
INCLUDE=path_to_header.inc fasm -m 1000000 -s debug.s file.asm file.out
Download:
browser_insanity-a0dafc61366d8e9a.tar.xz (1.3 MiB)
Connection (mirrors):
nc 78.46.199.173 27499
Solved by:
| # | Team | Time |
|---|---|---|
| browser_insanity released | 2023-03-11 10:08:36 +0000 UTC | |
| ๐ฅ | Kalmarunionen | 2023-03-11 13:51:26 +0000 UTC |
| ๐ฅ | The Flat Network Society | 2023-03-11 16:55:25 +0000 UTC |
| ๐ฅ | copy | 2023-03-11 19:19:45 +0000 UTC |
| 4 | Blue Water | 2023-03-11 20:13:33 +0000 UTC |
| 5 | thehackerscrew | 2023-03-12 00:31:48 +0000 UTC |
| 6 | Dragon Sector | 2023-03-12 01:13:25 +0000 UTC |
| 7 | about:blankets | 2023-03-12 03:44:27 +0000 UTC |
| 8 | ./Vespiary | 2023-03-12 07:48:38 +0000 UTC |
| 9 | Hot Ice Americano | 2023-03-12 08:13:50 +0000 UTC |
| 10 | mhackeroni | 2023-03-12 09:16:37 +0000 UTC |
| 11 | justCatTheFish | 2023-03-12 11:13:07 +0000 UTC |
| 12 | We_0wn_Y0u | 2023-03-12 11:34:06 +0000 UTC |
| 13 | Never Stop Exploiting | 2023-03-12 11:35:44 +0000 UTC |
| 14 | Aali | 2023-03-12 15:03:08 +0000 UTC |