Agreed. I played it and thought it was okay.
It teaches people to enumerate versions of software on the box and see if there
are any vulnerabilities, and to enumerate sudo capabilities.
I think it’s always cool to see nim in ctf challenges though, I’ve enjoyed
playing a few rev problems in nim.
It’s based off of an old CVE where input wasn’t properly sanitized and has
since been mitigated.
The takeaway is don’t give nimble SUID perms
Thanks for sharing that, I was the one who gave the talk about this.
