webmedium

on error resume next

hxp_39c3

Task: obtain 1337 credits in a Go bank application to buy the flag. Solution: exploit the type mismatch between MySQL BIGINT UNSIGNED and Go int64 — create a user with id=2^63, causing rows.Scan() overflow which zeroes the receiver field, creating infinite money for user id=0.

$ ls tags/ techniques/

mysql go golang integer_overflow bigint_unsigned int64 error_handling scan_error type_mismatch infinite_money bank_application

Integer overflow exploitation (BIGINT UNSIGNED to int64)Error ignoring pattern abuseType mismatch between database and applicationInfinite money glitch via scan failure

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]