Skip to content

Latest commit

 

History

History
 
 

[Very Easy] Stop Drop and Roll

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
challenge
challenge
 
 
htb
htb
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
build_docker.sh
build_docker.sh
 
 

README.md

Stop Drop and Roll

​ 8th March 2024

​ Challenge Author: ir0nstone

Synopsis

Stop Drop and Roll is a Very Easy misc coding challenge where the remote server sends you scenarios and you must script a response to them.

Description

The Fray: The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...

Skills Required

  • Basic programming skills

Skills Learned

  • Scripting remote connections

Enumeration

Connecting to the server gives us this prompt:

$ nc localhost 1337
===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this: 
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)

The instructions are pretty clear - we have to take in a list of GORGE, PHREAK and FIRE prompts and return the instructions STOP, DROP or ROLL depending on the prompt.

Solution

We will script this challenge using pwntools. First start a connection:

from pwn import *

p = remote('<IP>', <PORT>)

Then we want to send y to start the game and receive the response.

p.sendlineafter(b'(y/n) ', b'y')
p.recvline()

Now we'll start an infinite loop, taking in a line of input. We then want to replace every , with -, every GORGE with STOP, every PHREAK with DROP and every FIRE with ROLL. After this, we send it back.

If the line we receive has no GORGE, PHREAK or FIRE, it's probably returned the flag to us, so we just print out the line and quit the loop.

while True:
    recv = p.recvlineS().strip()

    if 'GORGE' not in recv and 'PHREAK' not in recv and 'FIRE' not in recv:
        print(recv)
        break

    result = recv.replace(", ", "-")
    result = result.replace("GORGE", "STOP")
    result = result.replace("PHREAK", "DROP")
    result = result.replace("FIRE", "ROLL")

    p.sendlineafter(b'do? ', result.encode())

Running this against the server, we get the flag!