A writeup to the calculator challenge of UTCTF23, definitely not the intended solution though. Involves Python internals, /proc, memory dumping and some RegEx!
Background As so often in life, you can search for things for months without success; then later they fall into your hands without further ado. It was the same with this vulnerability: after months of my servers fuzzing various open source software, the vulnerability described in this post just “ran into me” when I looked closely at htop.
Objective mailcow: dockerized is an open source groupware/email suite based on docker. mailcow relies on many well known and long used components, which in combination result in an all around carefree email server.
Background It was a chill Friday evening when Ilias, Alexander and myself sat around our local hackspace Chaosdorf, ate some pizza and played around with the ABUS security camera we had gotten our hands on shortly before. As the company has quite a reputation in Germany, we assumed that there wouldn’t be much to find security-wise, also because this camera was one of the most expensive ones on the consumer market.