Tags: misc
Rating:
> On the server, we are required to answer a series of questions within a time limit of 30 seconds, which is humanly impossible. Thus, we create a script using pwntools.
```python
#!/usr/bin/python3
from pwn import *
from urllib.parse import unquote
import base64
import codecs
r = remote('pwn-2021.duc.tf', 31905)
#start press enter
line = r.recvuntil(b"...")
print(line.decode("utf-8"))
r.send(b"\n")
#1+1=2
line = r.recvuntil(b"1+1=?")
print(line.decode("utf-8"))
r.sendline(b"2")
#define recv function
def recv():
line = r.recvuntil(b": ")
print(line.decode("utf-8"))
res = r.recvuntil(b"\n")
res = res[:-1].decode("utf-8")
print("Input received:",res)
return res
#define send function
def send(payload):
print("Output:",payload)
r.sendline(bytes(str(payload),"ascii"))
#hex to dec
payload = int(recv(),16)
send(payload)
#hex to ascii
payload = chr(int("0x"+recv(),16))
send(payload)
#decode url
payload = unquote(str(recv()))
send(payload)
#from base64
payload = base64.b64decode(recv().encode('ascii'))
payload = payload.decode("utf-8")
send(payload)
#to base64
payload = base64.b64encode(recv().encode('ascii'))
payload = payload.decode("utf-8")
send(payload)
#decode rot13
payload = codecs.decode(recv(), 'rot_13')
send(payload)
#encode rot13
payload = codecs.encode(recv(), 'rot_13')
send(payload)
#binary to decimal
payload = int(recv(),2)
send(payload)
#decimal to binary
payload = bin(int(recv()))
send(payload)
#get flag
line = r.recvuntil(b'?')
print(line.decode("utf-8"))
payload = "DUCTF"
send(payload)
#r.interactive()
line = r.recvuntil(b'//|\\')
print(line.decode("utf-8"))
r.close()
```
> This is the output:
```
[+] Opening connection to pwn-2021.duc.tf on port 31905: Done
Welcome to the DUCTF Classroom! Cyber School is now in session!
Press enter when you are ready to start your 30 seconds timer for the quiz...
Woops the time is always ticking...
Answer this maths question: 1+1=?
Well I see you are not a bludger then.
Decode this hex string and provide me the original number (base 10):
Input received: 0x18
Output: 24
You're better than a dog's breakfast at least.
Decode this hex string and provide me the original ASCII letter:
Input received: 78
Output: x
Come on this isn't hard yakka
Decode this URL encoded string and provide me the original ASCII symbols:
Input received: %22%60%5C
Output: "`\
You haven't gone walkabout yet. Keep going!
Decode this base64 string and provide me the plaintext:
Input received: Z2V0dGluZ19iZXR0ZXJfcHJvZ3JhbW1lX25hdGl2ZQ==
Output: getting_better_programme_native
That's a fair crack of the whip.
Encode this plaintext string and provide me the Base64:
Input received: repository_opera_iraq_ae
Output: cmVwb3NpdG9yeV9vcGVyYV9pcmFxX2Fl
Fair dinkum! That's not bad.
Decode this rot13 string and provide me the plaintext:
Input received: vg_vawhevrf_zvffrq_ox
Output: it_injuries_missed_bk
Don't spit the dummy yet!
Encode this plaintext string and provide me the ROT13 equilavent:
Input received: legislature_sunrise_peers_vulnerability
Output: yrtvfyngher_fhaevfr_crref_ihyarenovyvgl
You're sussing this out pretty quickly.
Decode this binary string and provide me the original number (base 10):
Input received: 0b1011010010101
Output: 5781
Crikey, can you speak computer?
Encode this number and provide me the binary equivalent:
Input received: 7485
Output: 0b1110100111101
You're better than a bunnings sausage sizzle.
Final Question, what is the best CTF competition in the universe?
Output: DUCTF
Bloody Ripper! Here is the grand prize!
.^.
(( ))
|#|_______________________________
|#||##############################|
|#||##############################|
|#||##############################|
|#||##############################|
|#||########DOWNUNDERCTF##########|
|#||########(DUCTF 2021)##########|
|#||##############################|
|#||##############################|
|#||##############################|
|#||##############################|
|#|'------------------------------'
|#|
|#|
|#|
|#|
|#|
|#|
|#|
|#|
|#|
|#|
|#|
|#| DUCTF{you_aced_the_quiz!_have_a_gold_star_champion}
|#|
|#|
|#|
//|\
[*] Closed connection to pwn-2021.duc.tf port 31905
```
`DUCTF{you_aced_the_quiz!_have_a_gold_star_champion}`
