The Fray; The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...
===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this:
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)
We automate this using pwntools:
import pwnimport sysdefsolve(r: pwn.remote): moves ={"GORGE":b"STOP","PHREAK":b"DROP","FIRE":b"ROLL",} r.recvuntil(b"Are you ready? (y/n)") r.sendline(b"y") r.recvuntil(b"Ok then! Let's go!")whileTrue:try: response = r.recvuntil(b"?")except:print(response.decode("utf-8"))breakprint("Response:", response.decode("utf-8")) command = response.decode("utf-8").split("\n")[-2]print(f"Command: {command}") commands = command.split(", ") commands = [c.strip()for c in commands] commands = [c for c in commands if c in moves] move =b""for c in commands: move += moves[c] move +=b"-" move = move[:-1]print(f"Move: {move}") r.sendline(move)print() r.interactive()defconn():iflen(sys.argv)!=3:print(f"Usage: {sys.argv[0]} REMOTE remote-ip remote-port") sys.exit(1) r = pwn.remote(sys.argv[1], sys.argv[2])return rdefmain(): r =conn()solve(r)if__name__=="__main__":main()
Running this script gives us the flag:
┌──👽AKUMA🥷➤➤🌐10.10.0.12├──[~/Desktop/CTF/hackerroyale]└─⚔python3play_game.py94.237.56.24834841...Whatdoyoudo?Command:PHREAKMove:b'DROP'Response:FIREWhatdoyoudo?Command:FIREMove:b'ROLL'FIREWhatdoyoudo?[*] Switching to interactive modeFantasticwork!TheflagisHTB{1_wiLl_sT0p_dR0p_4nD_r0Ll_mY_w4Y_oUt!}[*] Got EOF whilereadingininteractive
