8th March 2024
Challenge Author: ir0nstone
Character is a Very Easy misc coding challenge where the remote server prompts you repeatedly for an index of the flag, and when you enter an index it will return the character at that index.
Security through Induced Boredom is a personal favourite approach of mine. Not as exciting as something like The Fray, but I love making it as tedious as possible to see my secrets, so you can only get one character at a time!
- Basic programming skills
- Scripting remote connections
Connecting to the server gives us this prompt:
$ nc <ip> <port>
Which character of the flag do you want? Enter an index:
If we input 0
, 1
, etc consecutively, we can see what's happening:
Which character of the flag do you want? Enter an index: 0
Character at Index 0: H
Which character of the flag do you want? Enter an index: 1
Character at Index 1: T
Which character of the flag do you want? Enter an index: 2
Character at Index 2: B
The first three characters are HTB
. This is clearly leaking the flag!
To solve the challenge, we simply have to start at index 0
and increment it, querying the server for every index. We can script this using pwntools. First start a connection:
from pwn import *
p = remote('<IP>', <PORT>)
Then we want to create an empty flag
string to add onto, and an index counter idx
that starts at 0
:
flag = ''
idx = 0
Now we'll start an infinite loop, incrementing the index we ask for by 1
every time to grab every index. If the character we get is }
, we know we've reached the end of the flag.
while True:
p.sendlineafter(b'index: ', str(idx).encode())
p.recvuntil(b': ')
char = p.recvS(1)
flag += char
idx += 1
if char == '}':
break
print(flag)
We get the flag!