All you get is a URL input, that's it. Can you exploit it?

deployment has the Vagrantfile and ansible script necessary.

exploit has the exploit that works.

The challenge is running the original WWW web browser written by Sir. Tim Berners-Lee.

It is version 0.15 of the WWW browser, and you can tell becuase of the hash sent by the frontend: 520d462abb92809b4fa1eaaafabbaee4

This is the md5 of the WorldWideWeb.app/WorldWideWeb binary.

There is a buffer overflow in HTTP.c :

strcpy(command, "GET ");

Exploiting this gets you a shell, once you send proper shellcode.

Check out exploit

TAGS: pwn

LEVEL: med/hard? (very hard to tell)

STATUS: ready to deploy

AUTHOR: adamd

TESTED BY: nobody.