This writeup explains how we (Andreas Straub, rep and myself as part of 0ldEr0pe) ended up pwning the musicman service during the 2013 DEF CON CTF qualifying (for which we didn’t qualify this year. meh!).
The service listens on TCP port 7890. As soon as you connect, it starts throwing binary data at you. After dumping that data into a file, we recognized it as a WAV audio file. After fucking everybody up by playing the high-pitch noise contained in that file a few times for the lulz, we opened it up in Audacity and saw some obvious structures: