This repository will run the Cyber Grand Challenge proof of vulnerabilities and collect the interactions made.
docker build -t run-cgc-povs .
docker run -it --rm -v $PWD/results:/results run-cgc-povs
- Game with a set of simple controls and treasure.
- The treasure is always in the same location, but the control change every time you play.
- Involves several simple echo challenge responses
- Must be able to solve sudoku
- Makes use of `select` system call
- According to the challenge author, “Vulnerability requires an awareness of timing, as the vulnerable code path will not be triggered unless a timeout occurs.” (https://github.com/lungetech/cgc-challenge-corpus/tree/master/NRFIN_00071)
- According to trailofbits porting-notes.txt, “SBTP wants to hash its .text. It assumes this goes from go() to longjmp().” (https://github.com/trailofbits/cb-multios/blob/master/disabled-challenges/SBTP/porting-notes.txt)
- Needs a high (120s) timeout