Rating: 4.7
The challenge consists of a remote port and a local binary. The goal is not to find the flag, but to find an input that the binary accepts. It will then open flag.txt and print the contents.
Light reversing shows that the program does read a number as input, checks if it is 16 digits long, and contains no zeros. Then it does a lot of math on the number. But in the end, the final check prints the flag if the result is divisible by 10. This can be brute-forced very quickly.
```python
from pwn import *
from random import choices
for _ in range(10000):
r = process("./welcome")
r.recvline()
num = ''.join(choices("123456789", k=16))
r.sendline(num)
if not b"number" in r.recvline():
print(num)
break
r.kill()
```
After ~5 attempts, it prints a number that passes the check, e.g. `5376425822766261`. Giving this to the server reveals the flag: `FwordCTF{luhn!_wh4t_a_w31rd_n4m3}`
The flag is a reference to the [Luhn algorithm](https://en.wikipedia.org/wiki/Luhn_algorithm), which is likely what this actually was.