8th March 2024
Challenge Author: ir0nstone
Stop Drop and Roll is a Very Easy misc coding challenge where the remote server sends you scenarios and you must script a response to them.
The Fray: The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...
- Basic programming skills
- Scripting remote connections
Connecting to the server gives us this prompt:
$ nc localhost 1337
===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this:
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)
The instructions are pretty clear - we have to take in a list of GORGE
, PHREAK
and FIRE
prompts and return the instructions STOP
, DROP
or ROLL
depending on the prompt.
We will script this challenge using pwntools. First start a connection:
from pwn import *
p = remote('<IP>', <PORT>)
Then we want to send y
to start the game and receive the response.
p.sendlineafter(b'(y/n) ', b'y')
p.recvline()
Now we'll start an infinite loop, taking in a line of input. We then want to replace every ,
with -
, every GORGE
with STOP
, every PHREAK
with DROP
and every FIRE
with ROLL
. After this, we send it back.
If the line we receive has no GORGE
, PHREAK
or FIRE
, it's probably returned the flag to us, so we just print out the line and quit the loop.
while True:
recv = p.recvlineS().strip()
if 'GORGE' not in recv and 'PHREAK' not in recv and 'FIRE' not in recv:
print(recv)
break
result = recv.replace(", ", "-")
result = result.replace("GORGE", "STOP")
result = result.replace("PHREAK", "DROP")
result = result.replace("FIRE", "ROLL")
p.sendlineafter(b'do? ', result.encode())
Running this against the server, we get the flag!