Tags: bruteforce
Rating: 3.0
For a better view check our [githubpage](https://bsempir0x65.github.io/CTF_Writeups/AngstromCTF_2022/#uninspired) or [github](https://github.com/bsempir0x65/CTF_Writeups/tree/main/AngstromCTF_2022#uninspired) out
![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired.png)
So for this challenge we actually used binary ninja as a starting point.
![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired1.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired1.png)
So we can already see that we have a loop and some if clauses here. So for better reading, we put the output here with our comments:
![https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired2.png](https://raw.githubusercontent.com/bsempir0x65/CTF_Writeups/main/AngstromCTF_2022/img/uninspired2.png)
So the rest of the binary we did not figured out to what the loop is for. Probably we could have but meh we tought why not programm a brute forcer for this ? Maybe not the best idea if you have to guess a 10 digit number. So we did:
```python
#!/usr/bin/python
import sys
from pwn import *
runvar = int(sys.argv[1])
checksolution = ("yay I\'m inspired now, have a flag :)\n").encode('utf-8')
endrunvar = runvar + 1125000000
elf = ELF('./uninspired')
while runvar < endrunvar:
io = elf.process()
print(io.recvline(timeout=2))
sendvar = (str(runvar) + "\n").encode('utf-8')
io.sendline(sendvar)
print (runvar)
if io.recvline(timeout=2) == checksolution:
print(runvar)
break
else:
print("nope")
io.close()
runvar = runvar + 1
print("welcome to the end")
```
So you can see that we made the script in mind to run on multiple cores. Since we let it run for 10 minutes we saw that this will maybe not work out ((┌|o^▽^o|┘))♪ . We also saw that despite we closed the binary all the time we had a memory leakage issue here too. So in the end we did not solved the task.
But after this CTF we found a writeup by TheBadGod [https://github.com/TheBadGod/Angstrom22-Writeups/tree/main/uninspired](https://github.com/TheBadGod/Angstrom22-Writeups/tree/main/uninspired) which brought us the solution 6210001000. So we put that number into our script and it worked ( ・・)つ-●●●.
```console
└─$ ./solution_multirun.py 6210000999
[*] 'uninspired'
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: PIE enabled
[+] Starting local process 'uninspired': pid 2469
b"there's no more inspiration :(\n"
6210000999
[*] Process 'uninspired' stopped with exit code 1 (pid 2469)
nope
[+] Starting local process 'uninspired': pid 2471
b"there's no more inspiration :(\n"
6210001000
[*] Process 'uninspired' stopped with exit code 0 (pid 2471)
6210001000
welcome to the end
```
So we got the solution number too which brings us the flag:
```console
└─$ ./uninspired
there's no more inspiration :(
6210001000
yay I'm inspired now, have a flag :)
actf{ten_digit_numbers_are_very_inspiring}
```