wargames01 RawSec2020
nurfitri •
Intro
Back in February 2020, I joined RawSec 2020 minicon CTF competition held in KL under my lecturer' name (he's the one who attends the event, and I join the CTF remotely for fun). I joined this CTF challenges with my buddy @CrystalCry97.
We are able to solve quite number of challenges in that game, but we didn't win because we both are still noobs or atleast I am noobs compared to other talented participants who joined that event. Back then I haven't got a chance to write a proper write-up on the challenges, but I still save some of the source code that I used to solve the challenges, and in this post I'll try to explain a bit about my solution and the source code.
The Question
So this is a noobs level question.
Out of my limited knowledge, I think there are a few ways to approach this problem, maybe we can use netcat to connect to the server to get and send the unsigned integers, or maybe write a bash script on top of that ? Because I am not that well knowledgable about linux command and bash scripting, I choose to approched this problem using python script.
My Approach..
- The first thing that I do is ping the domain name to get the ip address of the server (didn't remember if I ping it or use nmap to scan it, but I just want the IP address).
- Then I start to write the script.
- For the script, I am using python socket library to create a socket to communicate with the server and also make use of python struct library to pack and unpack the bytes send by the server.
- After received the 2 integers I add it together, send it back to the server and then wait for the flag
the entire code is like this, (note that, this code is dirty and not great)
import socket import struct s = socket.socket() s.settimeout(2) try: s.connect(target) mylist = [] added = 0 for x in range (0,2): header = struct.unpack('<I', s.recv(4)) mylist.append(header) print mylist # add two numbers together for number in mylist: added += number[0] print number print "added:",added #send back the added number added = struct.pack('<I',added) print 'Sending:',added s.send(added) print "Wait for reply", reply = s.recv(1024) print "reply", reply s.close() # print bytesNumber except socket.error as error: print "Error Connecting:", error
this part of the code is just me importing the library and initialize the socket I set the port number and the ip address of the target server to connect to.
import socket import struct s = socket.socket() s.settimeout(2) port = 5345 target = (" 113.23.255.180",port)
then inside try statement, I try to connect to the server, I loops 2 times because of the 2 unsinged intergers being send by the server. I used struct.unpack() to unpack the bytes data, and '<I' parameter to unpack the little endian bytes into an interger
try: s.connect(target) mylist = [] added = 0 for x in range (0,2): header = struct.unpack('<I', s.recv(4)) mylist.append(header) print mylist
then, I basically just add those two integers in the list together and pack it back to send to the server and wait for the reply.
# add two numbers together for number in mylist: added += number[0] print number print "added:",added #send back the added number added = struct.pack('<I',added) print 'Sending:',added s.send(added) print "Wait for reply", reply = s.recv(1024) print "reply", reply s.close() # print bytesNumber
and then the server reply with the flag, I used it to ssh into the next challenge
User:level1 Pass:Adad!3fse5s
Well, I don't think that this is a best approach and obviously not the best code to tackle the problem, but I just want to share how I did it. I hope this can be helpful to anyone that stumble across this kind of question. If there is easier and better solution, feel free to share it with me.