* Login using 64 bytes long username leads to null byte off by one overflow on function pointer. * Calling the overflowed function pointer allows us to read any local file. (flags are in data/ directory)
Original writeup (http://khack40.info/faust-ctf-toilet-exploitation-write-up/).