Tags: pwntools misc
# UMassCTF_2022-quickmaths
#### Script solution using pwntools
## Question:
nc 34.148.103.218:1228, solve 1000 of math problems. Easy or hard? Up to you.
## Solve:
1. Use netcat to connect to the server:
```linux
nc 34.148.103.218 1228
```
You will get:
```linux
You must solve 1000 of these math problems that are outputted in the following format {number} {operation} {number} to get the flag.
Division is integer division using the // operator.
The input is being checked through python input() function.
Good luck!
96 * 51
```
### Analysis
The server sends arithmetic problems that have to be solved, and the input is checked through Python's input() function.
#### What does this represent?
My goal is to read each math question, compute the answer, and send it back to the server. As long as this process loops 1000 times, I think we can get the flag.
Sounds easy :)
### Pwntools script:
```python
from pwn import *

HOST = "34.148.103.218"
PORT = 1228


def conn():  # connect to the server and skip the banner
    r = remote(HOST, PORT)
    print(r.recvuntil(b'!'))
    r.recvline()
    r.recvline()
    return r


r = conn()
count = 1
while count <= 1000:
    try:
        print('{0}/1000'.format(count))
        question = r.recvline()  # e.g. b"96 * 51\n"
        print(str(question))
        break_question = question.split(b" ")
        first = int(break_question[0])
        second = int(break_question[2])
        # print('first',first)
        # print('sec',second)
        # print('symbol', break_question[1])
        if break_question[1] == b'-':
            result = str(first - second)
        elif break_question[1] == b'*':
            result = str(first * second)
        elif break_question[1] == b'+':
            result = str(first + second)
        elif break_question[1] == b'//':
            result = str(first // second)
        print(result)
        r.sendline(result.encode())
        r.recvline()  # server's reply to the answer
        count += 1
    except EOFError:
        # Server-side TIMEOUT closed the connection: reconnect and restart.
        # Catching only EOFError keeps Ctrl-C and parsing errors visible.
        r.close()
        r = conn()
        count = 1
flag = r.recvline()
print(flag)
```
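A stricter way to parse the `{number} {operation} {number}` lines than the `if` chain above, added here as an example and not part of the original write-up: a regular expression plus an operator whitelist, so the client never evaluates server-supplied text. The names `solve`, `solve_all`, `UnexpectedLine` and the sample lines are assumptions made for this example.

```python
import operator
import re

# Whitelisted operators for the announced "{number} {operation} {number}" format.
OPS = {
    b"+": operator.add,
    b"-": operator.sub,
    b"*": operator.mul,
    b"//": operator.floordiv,  # the banner says division uses Python's //
}

# Assumption: operands are plain decimal integers, optionally negative.
QUESTION_RE = re.compile(rb"(-?\d{1,20}) (\+|-|\*|//) (-?\d{1,20})")


class UnexpectedLine(ValueError):
    """The server sent something that is not a math question."""


def solve(line: bytes) -> bytes:
    """Return the answer to one question line, ready for sendline()."""
    m = QUESTION_RE.fullmatch(line.strip())
    if m is None:
        # Never fall back to eval(): the remote side chooses this text.
        raise UnexpectedLine(f"not a question: {line[:80]!r}")
    left, op, right = int(m.group(1)), m.group(2), int(m.group(3))
    if op == b"//" and right == 0:
        raise UnexpectedLine(f"division by zero: {line!r}")
    return str(OPS[op](left, right)).encode()


def solve_all(lines):
    """Answer every question; return (answers, rejected lines)."""
    answers, rejected = [], []
    for line in lines:
        try:
            answers.append(solve(line))
        except UnexpectedLine:
            rejected.append(line)
    return answers, rejected


# Constructed sample input, not captured from the challenge server.
SAMPLE = [b"96 * 51\n", b"7 // 2\n", b"-7 // 2\n", b"3 - 10\n",
          b"9 ** 9\n", b"5 // 0\n"]
```

In the pwntools loop, `r.sendline(solve(question))` would replace the operator branches, with `UnexpectedLine` handled separately from `EOFError`.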
## Running the script:
![](https://github.com/qq96932100/UMassCTF_2022-quickmaths/blob/main/img/script_running.png?raw=true)
## Get The Flag:
![](https://github.com/qq96932100/UMassCTF_2022-quickmaths/blob/main/img/flag.png?raw=true)
## EOFError?
While solving this problem, the script was always interrupted by an EOFError, which seems to be a server timeout. So I worked around it by calling `remote` again to reconnect when the error occurred.