https://github.com/azarattum/matrixchat

Matrix themed TUI chat application (CTF challenge).
https://github.com/azarattum/matrixchat

Last synced: about 1 year ago
JSON representation

Matrix themed TUI chat application (CTF challenge).

Host: GitHub
URL: https://github.com/azarattum/matrixchat
Owner: Azarattum
Created: 2020-02-28T14:05:12.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2021-10-05T09:53:07.000Z (over 4 years ago)
Last Synced: 2025-01-30T23:30:31.578Z (over 1 year ago)
Language: C#
Homepage:
Size: 103 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

          # Matrix Chat

Matrix themed TUI chat application (CTF challenge).

## Features:

  - Join rooms

  - Write private messages

  - Toggle display of message time

  - View your message history

### Usage: 

Start the server's executable from the *bin* folder. Join the server via provided client.

### Solution:

Using regex bypass tecnique we can obtain an arbitrary file read.

For example, to get `../Server.deps.json` we write `./...//..Server.deps.json` as our username.

Then we execute `/memories` on the server to read our chat history. But the file `../Server.deps.json` is printed instead.

An automated exploit is available [here](https://github.com/Azarattum/MatrixChat/blob/master/exploit.py). Note that `pywinauto` package is required in order to run this automation.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/azarattum/matrixchat

Awesome Lists containing this project

README