BFS Ekoparty Exploitation Challenge

Win entrance tickets to Ekoparty in Argentina by hacking the unbreakable voting machine.

Posted on Aug 02, 2017  | Author: BFS Labs

Introduction

The time is near: Great talks, amazing parties and delicious asado! The Ekoparty Security Conference is approaching and Blue Frost Security will be providing some great entertainment this year! Apart from a great whiskey bar we are setting up, we will be giving away 7 entrance tickets for free for you to enjoy this wonderful conference. However there is a catch (there is always a catch, right? ;-)): You must complete a small challenge.

The Scenario

Beginning of last year, a top secret task force inside the government started the development of the first unbreakable voting machine the world has ever seen. However, after some voting irregularities were reported in the last election by some Gaucho hackers, the government decided to release details about their top secret project to the public in order to crowdsource a security review of their voting software.

People on Twitter already took a first quick look at the published server component which seems to be a 64-bit PE binary. They claim to have identified a simple stack-based buffer overflow which is supposedly really easy to trigger. However no further details were provided. The government still denies any potential security impact and refers to their use of “state-of-the-art exploit mitigations which renders any of these bugs unexploitable”. 

Physical Address location of the 'HalpInterruptController' table

The Rules

  1. We only have 7 tickets, so first come first serve
  2. Gain remote code execution by exploiting a bug in the server component
  3. You must launch calc.exe or notepad.exe to successfully convince the government
  4. Your exploit must work in the 64-bit version of Windows 7, 8 or 10. Bonus points and free whiskey will be provided if it works in all of them :-)
  5. It's desirable that the vulnerable server doesn't crash after exploitation. Bonus whiskey shots for ensuring that the server keeps working post exploitation.
  6. Solutions will be accepted in Python (most recommendable), C or C++
  7. Solutions should be sent to research@bluefrostsecurity.de and your full name needs to be provided in order to claim a free ticket

You can download the application here

May the force be with you and see you all at the Blue Frost Whiskey Bar at Ekoparty!