当て身 Atemi

A Cybersecurity blog by shinris3n

Part of the Ninpwn Network

8 August 2020

Roll For Initiative 1

Challenge Source: Defcon 28 - Red Team Village CTF
Challenge Category: programming

Programming - Roll for Initiative 1

When connecting to the server, the “Backdoors and Breaches” game begins and we need to “Roll for Initiative”:


Experimenting a bit we find:

Our code therefore needs to open a connection to the server, submit some values, keep track of the correct values, restart the connection when an incorrect value is submitted, and find the flag, which we know will probably have '{' in it.

import sys
import socket

address = '164.90.147.2'
port = 1234
buffer = 4096
# Text the server sends in front of the roll it was expecting
miss_prefix = 'Sorry, the roll I was looking for was '
# Initial guesses; each entry is overwritten once the correct roll is learned
data_to_send = ['14'] * 10
flag = ''
received_data = ''
while flag == '':
    # Open a fresh connection for every attempt
    tcpsocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcpsocket.connect((address, port))
    # Wait for the prompt before sending anything
    while 'What did you roll?' not in received_data:
        received_data = tcpsocket.recv(buffer).decode('utf-8')
    #print ('Received:', received_data)
    index = 0
    while True:
        #print ('Sending:', data_to_send[index], 'Array Index: ', index)
        formatted_data_to_send = (str(data_to_send[index]) + '\n').encode('utf-8')
        tcpsocket.send(formatted_data_to_send)
        received_data = (tcpsocket.recv(buffer)).decode('utf-8')
        #print ('Received:', received_data)
        if received_data == '':
            # Server closed the connection: reconnect and replay what we know
            break
        elif 'valid' in received_data:
            print ('Error!')
            sys.exit(0)
        elif '{' in received_data:
            flag = received_data
            print ('Flag =', flag)
            break
        elif 'Correct' in received_data:
            #print ('GOT IT!')
            index += 1
        else:
            # str.lstrip() strips a set of characters, not a prefix, so cut the
            # message text off explicitly and drop surrounding whitespace
            new_array_entry = received_data.split(miss_prefix, 1)[-1].strip()
            #print ('Array Entry Added:', new_array_entry, 'Index:', index)
            data_to_send[index] = new_array_entry
    # Release the socket before the next attempt
    tcpsocket.close()
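
The same learn-and-replay loop can be exercised offline. This is an added example, not the author's code: the stand-in server, its roll sequence, the placeholder flag, and the newline-terminated replies are all constructed assumptions, modelled on the strings the solver above checks for.

```python
import re
import socket
import threading

SECRET = [14, 3, 19, 7, 11]         # constructed roll sequence, same every session
FLAG = "flag{constructed-example}"   # placeholder, not the challenge's flag
MISS = re.compile(r"looking for was (\d+)")

def serve(conn):
    """Constructed stand-in server: one game per connection, ends on a miss."""
    with conn, conn.makefile("rw") as f:
        f.write("What did you roll?\n")
        f.flush()
        for n, want in enumerate(SECRET, 1):
            if f.readline().strip() != str(want):
                f.write(f"Sorry, the roll I was looking for was {want}\n")
                break                                 # closing f flushes the reply
            f.write(f"Correct! {FLAG}\n" if n == len(SECRET) else "Correct\n")
            f.flush()

def connect():
    """Open a session over an in-process socket pair instead of a real host."""
    client, server = socket.socketpair()
    threading.Thread(target=serve, args=(server,), daemon=True).start()
    return client

def solve(max_sessions=100):
    """Replay every roll learned so far, then learn one more from the miss."""
    known = []
    for session in range(1, max_sessions + 1):
        with connect() as sock, sock.makefile("rw") as f:
            f.readline()                              # initial prompt
            for i in range(len(known) + 1):
                guess = known[i] if i < len(known) else "1"   # "1" is a probe
                f.write(guess + "\n")
                f.flush()
                reply = f.readline()                  # one whole line per reply
                if "{" in reply:
                    return reply.split()[-1], known, session
                miss = MISS.search(reply)
                if miss:                              # server revealed the roll
                    known.append(miss.group(1))
                    break
                if i == len(known) and "Correct" in reply:
                    known.append(guess)               # the probe happened to be right
    raise RuntimeError("no flag within max_sessions")
```

Because every miss reveals the expected roll and the sequence does not change between connections, a sequence of N rolls falls in at most N + 1 sessions.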


Tags: Defcon28-RTVCTF