misc
Character
Solved by : Legend
Challenge description:
Security through Induced Boredom is a personal favourite approach of mine. Not as exciting as something like The Fray, but I love making it as tedious as possible to see my secrets, so you can only get one character at a time!
In this challenge the server is giving us the flag if we put the index value. For example if I put 0
then it will print the value H
and so on. We need to do this till we get the complete flag till }
character.
#! /usr/bin/python3
from pwn import *
SERVER_IP = "94.237.53.53"
SERVER_PORT = 47157
conn = remote(SERVER_IP, SERVER_PORT)
flag = ""
for index in range(111):
conn.sendline(str(index).encode('ascii'))
server_response = conn.recvline().decode().strip()
character = server_response.split()[-1]
flag += character
print(f"Index {index} : Character {character}", end="\r", flush=True)
if character == "}":
break
print(f"Flag: {flag}")
conn.close()
Flag: HTB{tH15_1s_4_r3aLly_l0nG_fL4g_i_h0p3_f0r_y0Ur_s4k3_tH4t_y0U_sCr1pTEd_tH1s_oR_els3_iT_t0oK_qU1t3_l0ng!!}
Stop Drop and Roll
Solved by : Legend
Challenge description:
The Fray: The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...
This challenge is playing a game in which we have to input based on the challenge question.
For example if it says GORGE
we need to respond STOP
, if GORGE, FIRE
we need to send STOP-ROLL
and so on till we finally get the flag.
#! /usr/bin/python3
from pwn import *
IP_ADDRESS = '83.136.252.248'
PORT = 54677
conn = remote(IP_ADDRESS, PORT)
print(conn.recvuntil(b'(y/n)').decode())
conn.sendline(b'y')
print(conn.recvline().decode())
responses = {
'GORGE': 'STOP',
'PHREAK': 'DROP',
'FIRE': 'ROLL'
}
while True:
prompt = conn.recvline().decode().strip()
print(prompt)
if "What do you do?" in prompt:
keywords = prompt.split("What do you do?")[1].strip().split(', ')
else:
keywords = prompt.split(', ')
response_keywords = [responses.get(keyword) for keyword in keywords]
if None in response_keywords:
break
response = '-'.join(response_keywords)
conn.sendline(response.encode())
print(f"Response: {response}")
if 'Unfortunate! You died!' in prompt:
break
if 'Fantastic work! The flag is' in prompt:
flag = prompt.split('Fantastic work! The flag is')[1].strip()
print(f"The flag is: {flag}")
break
conn.close()
The flag is: HTB{1_wiLl_sT0p_dR0p_4nD_r0Ll_mY_w4Y_oUt!}
Unbreakable
Solved by : thewhiteh4t
- This is a python jail challenge, at first it looks difficult because even built-ins cannot be used but then we realized two things :
- it is using
eval
instead ofexec
- open() is not blocked
- it is using
- Payload :
print(open('flag.txt').read())