CREATIVE CHAOS   ▋ blog

Tips and Tricks (beginner tutorial)

PUBLISHED ON 11/04/2020 — EDITED ON 11/12/2023 — 247CTF, INFOSEC

Intro

A very nice step up in the difficulty of the beginner challenges on the 247ctf.com site, that takes us to the realm of using programming solutions to automatize and speed up our solving skills.

A number of challenges will require you to create solutions which are more efficiently solved by making use of a programming language to automate and perform the computations. For this purpose, we recommend to make use of PYTHON as well as complementary libraries such as REQUESTS and PWNTOOLS.

Click the ‘START CHALLENGE’ button to the right of this text description to start a socket challenge. Utilise a programming language to interface with the socket and automate solving 500 simple addition problems to receive the flag. Take care when interfacing with unknown remote services - ‘\n’ is not the only way to end a line!

Exploit

#!/usr/bin/env python3

URL="b488472d0611f3e7.247ctf.com"
PORT=50393

from pwn import *

# Connect to the server
conn = remote(URL,PORT)

# b'Welcome to the 247CTF addition verifier!\r\n'
print(conn.recvline())

# b'If you can solve 500 addition problems, we will give you a flag!\r\n'
print(conn.recvline())

for i in range(500):
    # What is the answer to 158 + 64?
    s = conn.recvline().decode("utf-8")

    a = int(s.split()[5])
    b = int(s.split()[7].strip('?'))

    # Send result
    result = (str(a+b)).encode("utf-8")
    conn.sendline(result) # sendline() automatically adds '\r\n'

    # b'Yes, correct!\r\n'
    print(conn.recvline())

# Get the flag answer at the end
print(conn.recvline())

conn.close()
TAGS: HACK, NC, PWNTOOLS, PYTHON