
Fetch the Flag CTF 2022 writeup: Not So Smart Fridge

Blog post from Snyk

Post Details

Author: Antonio Gomes
Word Count: 1,026
Language: English
Summary

The challenge "Not So Smart Fridge" from Fetch the Flag CTF 2022 opens with a warm welcome and a description of the Smart Fridge Ultra SFU-3000, but the fridge's actual capabilities turn out to be disappointing. Its firmware reports the web server as pistache/0.0.3.20220107, a version with a known path traversal vulnerability. Exploiting that vulnerability lets the solver read a specific folder path on the fridge's web application that points to the currently running process, which makes it possible to download the pistache binary itself. The binary is then reverse engineered in Ghidra, and an analysis of the decompiled code shows that the flag is validated in a method named checkFlag, which imposes a specific length constraint. By working through the method's logic and constraints, the flag can be reconstructed.