Chapter 2

The Green Shard Brawl

Well done agent! This license key should allow us to authenticate against the organisation's private game server.

Indeed, we have confirmed that the organisation runs their own game, called Green Shard Brawl, for both leisure and communication purposes.

Our next target will be the organisation's lead developer. We know for a fact that the target is an avid player of Green Shard Brawl, and is thus highly likely to be connected to the game.

While you were busy deciphering the communications, our intelligence team has managed to lay their hands on a few assets of utmost value:

  • the sources of the server;
  • a Linux build of the game client.

With enough reconnaissance, we have also been able to craft a Dockerfile that accurately mimics the target's desktop environment (yes!). All assets were compiled into a single archive that you can download here.

Your mission is to gain entry into the target's machine through a reverse shell. As the game client is written in C and involves a custom protocol, surely there are bugs you can leverage to hack your way through...

This would allow us to further infiltrate the organisation's network, and perhaps pivot to other servers or actors owning resources that would greatly benefit our investigation. We hold high hopes in you!

Note: the server sources are given for local testing convenience. However, it is useless to try and look for vulnerabilities inside the server itself — as mentioned, the end goal is to pwn the victim's client.