
2015f-pwn-hipster Question #21

@toolCHAINZ


Hello! Thank you so much for this dataset!

I had a small question about one of the pwn challenges in the development split. I was running dcipher against it and noticed that it reported success suspiciously quickly.

I poked around a bit and found that the flag file being used for the challenge (and contained as the ground truth in the dataset) is just flag{temp}.

https://github.com/NYU-LLM-CTF/NYU_CTF_Bench/blob/main/development/2015/CSAW-Finals/pwn/hipster/flag

I noticed that dcipher checks tool outputs for the trimmed flag contents (and marks the flag as found if the contents appear), so I think it might be finding the (short and common) string temp in tool outputs and prematurely declaring success.

Perhaps this should be changed to a random hex string to prevent this? Please let me know if I'm misunderstanding something here too.

Thanks again!
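
The false positive described in this issue, as an added example that is not part of the original post and is not dcipher's code. It models the check as "wrapper-stripped flag contents appear anywhere in tool output" (an assumption based on the description above), compares it with a whole-flag match, and adds a lint for weak ground-truth flags; all function names and the sample output are constructed for illustration.

```python
import re

# Assumed flag shape: optional prefix, then contents in braces, e.g. flag{...}
FLAG_RE = re.compile(r"^[A-Za-z0-9_]*\{(.*)\}$", re.DOTALL)


def trimmed(flag: str) -> str:
    """Strip whitespace and the wrapper: 'flag{temp}\\n' -> 'temp'."""
    flag = flag.strip()
    m = FLAG_RE.match(flag)
    return m.group(1) if m else flag


def naive_found(flag: str, tool_output: str) -> bool:
    """Model of the check in the issue: inner contents anywhere in the output."""
    return trimmed(flag) in tool_output


def strict_found(flag: str, tool_output: str) -> bool:
    """Require the whole flag, wrapper included, as a standalone token."""
    pattern = (r"(?<![A-Za-z0-9_])" + re.escape(flag.strip())
               + r"(?![A-Za-z0-9_])")
    return re.search(pattern, tool_output) is not None


def weak_ground_truth(flag: str, min_len: int = 12, min_unique: int = 6) -> bool:
    """Dataset lint: contents short or repetitive enough to match by accident."""
    inner = trimmed(flag)
    return len(inner) < min_len or len(set(inner)) < min_unique


# Constructed tool output: a directory listing that never reveals the flag.
SAMPLE_OUTPUT = (
    "$ ls -la /tmp\n"
    "drwxrwxrwt 2 root root 4096 temp_build\n"
    "-rw-r--r-- 1 ctf  ctf    12 template.c\n"
)

if __name__ == "__main__":
    flag = "flag{temp}\n"
    print("naive :", naive_found(flag, SAMPLE_OUTPUT))   # incidental match
    print("strict:", strict_found(flag, SAMPLE_OUTPUT))  # no match
    print("weak  :", weak_ground_truth(flag))            # flagged by the lint
```

Running the lint over every `flag` file in a benchmark split is a cheap way to find other placeholder flags before they skew solve rates.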
