Tags: pwntools coding

Rating:

This is a challenge that is an extension of a previous challenge...
It has more constraints. Only 2 guesses to find the joke and we also have to find 10 jokes within 60 sec to be able to get the flag.. and also we will be getting only the size of the joke as an attribute.

**STEP 1**
This step was to get all the jokes in the website that they leaked wantingly. There were around 640 or so jokes.. Now we need to clean them using the same function that they used..
As we have only the length of the flag, we don't know what the joke may be...
**For example**
Let the length be 32 then, there were 5 jokes.
Here comes step 2

**STEP 2**
Now we have to use one of the guesses and find which are the correct positions that we have submitted and try to find the which in the remaining jokes have these similar positioned letters.

**STEP 3**
SPEED ....

We have to focus on the speed of the process as we have only 60 sec to solve 10 problems and it is literally impossible to do it manually..

So, understanding this, I used Python (pwntools) and automated the solution

**CODE**


import numpy as np
from pwn import *

alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def alphacheck(somestr):
for c in somestr:
if not c in alphabet:
return False
return True

f=open("jokes","r")
f.close()
jokes = lngstr.split("\n")[:-1]
jokes2 = []

for joke in jokes:
joke = joke.upper()
temp=''
for i in joke:
if (alphacheck(i)):
temp+=i
if temp not in jokes2:
jokes2.append(temp)

conn = remote('0.cloud.chals.io',33282)
conn.recvline()

for i in range(10):
input = conn.recvline()
guess = conn.recvline()
n=int(input[41:43])
flag = []
for i in jokes2:
if len(i) == n:
flag.append(i)
print("ATTEMPING : ",flag)
conn.sendline(flag)
temp = str(conn.recvline())
if 'One down' in temp:
continue
else:
print("[+] wrong guess")
guess = str(conn.recvline())
temp = str(temp[2:-19])
dict = eval(temp)
print(dict['correct'])
if len(dict['correct']) == 0:
conn.sendline(flag)
if len(dict['correct']) == 1:
for i in range(1,len(flag)):
if flag[dict['correct']] == flag[i][dict['correct']]:
conn.sendline(flag[i])
if len(dict['correct']) == 2:
for i in range(1,len(flag)):
if flag[dict['correct']] == flag[i][dict['correct']] and flag[dict['correct']] == flag[i][dict['correct']]:
conn.sendline(flag[i])
if len(dict['correct']) > 2:
for i in range(1,len(flag)):
if flag[dict['correct']] == flag[i][dict['correct']] and flag[dict['correct']] == flag[i][dict['correct']] and flag[dict['correct']] == flag[i][dict['correct']]:
conn.sendline(flag[i])
conn.recvline()

print(conn.recvline())



Thank you