CTFtime.org / RITSEC CTF 2023 / Chandi Bot 4 / Writeup

# Chandi Bot 4

- 183 Points / 147 Solves

## Background

Can you beat the bot?

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225337.png)

## Find the flag

In this challenge, we need 3 commands: ***`/balance` to check how many point we have, `/rps` to play "Rock Paper Scissors" to gain points, `/dad` to gain 1 point, `/buy-flag` to buy flag for 10000 points***

**First, let's check our balance:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225541.png)

We got 0 point.

**Then, gain 1 point by using `/dad` command:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225613.png)

**Next, use `/rps` to play "Rock Paper Scissors":**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225700.png)

Hmm... we can't wager 0 points...

I wonder can we go negative points:

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225747.png)

Ohh!! We can! And we gain 1 point!!

**Let's use that logic vulnerbility to gain 9999999 points!!**
```
/rps choice:Rock wager:-9999999
```

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401225855.png)

Boom! We have 10000001 points!!

**Finally, we can use `/buy-flag` command to buy the flag!**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230401230008.png)

- **Flag: `RS{TWO_NEGATIVES_DO_MAKE_A_POSITIVE}`**

## Conclusion

What we've learned:

1. Exploiting Logic Vulnerability

Original writeup (https://siunam321.github.io/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot-1-6/#chandi-bot-4).

Chandi Bot 4

Comments

Sign in with