StopDropAndRoll [MISC]

Description:

The Fray; The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...

Misc - 300 points

Walkthrough

We start by connecting to the provided server:

┌── 👽AKUMA 🥷 ➤➤ 🌐10.10.0.12
├──[   ~/Desktop/CTF/hackerroyale]
└─ ⚔ nc 94.237.56.248 34841

We are greeted with the following message:

===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this: 
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)

We automate this using pwntools:

import pwn
import sys


def solve(r: pwn.remote):

    moves = {
        "GORGE": b"STOP",
        "PHREAK": b"DROP",
        "FIRE": b"ROLL",
    }
    r.recvuntil(b"Are you ready? (y/n)")
    r.sendline(b"y")
    r.recvuntil(b"Ok then! Let's go!")

    while True:
        try:
            response = r.recvuntil(b"?")
        except:
            print(response.decode("utf-8"))
            break
        print("Response:", response.decode("utf-8"))
        command = response.decode("utf-8").split("\n")[-2]
        print(f"Command: {command}")
        commands = command.split(", ")
        commands = [c.strip() for c in commands]
        commands = [c for c in commands if c in moves]
        move = b""
        for c in commands:
            move += moves[c]
            move += b"-"
        move = move[:-1]
        print(f"Move: {move}")
        r.sendline(move)

    print()
    r.interactive()


def conn():
    if len(sys.argv) != 3:
        print(f"Usage: {sys.argv[0]} REMOTE remote-ip remote-port")
        sys.exit(1)
    r = pwn.remote(sys.argv[1], sys.argv[2])
    return r


def main():
    r = conn()

    solve(r)


if __name__ == "__main__":
    main()

Running this script gives us the flag:

┌── 👽AKUMA 🥷 ➤➤ 🌐10.10.0.12
├──[   ~/Desktop/CTF/hackerroyale]
└─ ⚔ python3 play_game.py 94.237.56.248 34841

...

What do you do?
Command:  PHREAK
Move: b'DROP'
Response:  FIRE
What do you do?
Command:  FIRE
Move: b'ROLL'
 FIRE
What do you do?

[*] Switching to interactive mode
 Fantastic work! The flag is HTB{1_wiLl_sT0p_dR0p_4nD_r0Ll_mY_w4Y_oUt!}
[*] Got EOF while reading in interactive

PreviousUnbreakable [MISC]NextCharacter [MISC]

Last updated 10 months ago