
Gluttony (Tomato)

ozetta edited this page Apr 30, 2019 · 1 revision

Summary

Sanity Check with PoW

Info

Source code

<?=@(($_=$_GET["🍅"])&&!(crc32(md5($_,1))>>11))?`$_`:!highlight_file(__FILE__);

Solved: 5 / 32

  • Just run /checksec.sh;[Some_Nonce]...

Description

Very simple if you know what you should do, i.e. execute /checksec.sh. Sanity checks nowadays are sometimes quite difficult, e.g. finding the flag somewhere in IRC, but still manageable. Some teams even compete for sanity check questions... What's the point? Don't just aim for the simplest question if you play CTF.

Another issue with CTF questions is that there is too much unreasonable PoW or brute-forcing. Rate limiting with PoW is good for the server but hinders beginners a lot. And maybe you need a lab of computers or cryptominers to solve the PoW in a reasonable time. Originally the challenge did not have >>11, so you would need to brute-force 4294967296 times on average. I'll just skip these challenges and save some computation power to watch anime.

Side note: Kaibro submitted the flag 3 seconds after the CTF started. This is interesting because it looks impossible. The reason is that I put the platform at port 8000 and the questions at 8001 to 8007, so it is easy to guess. First blood before the CTF started.

Official Solution

Spoiler alert
🍅=/checksec.sh;1650520
<?php
// Try nonces 0, 1, 2, ... appended to the command until the top 21 bits of
// crc32(md5(...)) are zero; that takes about 2^21 = 2097152 candidates on average.
for($i=0;$i<2097152;$i++){
	$p = "/checksec.sh;".$i;
	// Same check as the challenge: raw MD5 digest, then CRC-32, shifted right by 11
	$d = crc32(md5($p,1))>>11;
	if(!$d){
		echo $p;
		break;
	}
}
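The PoW check from the challenge source and the search from the official solution, as an added Python example (not part of the original page): `passes_pow` mirrors `crc32(md5($_,1))>>11`, `solve_pow` repeats the official loop, and the `bits` parameter is an added generalisation so the deployed 21-bit difficulty can be compared with the original 32-bit version described above. Function names and the lower difficulty used in the last line are constructed for illustration.

```python
import hashlib
import zlib


def pow_value(candidate: bytes) -> int:
    """Mirror of the challenge's crc32(md5($_, true)): CRC-32 over the raw
    16-byte MD5 digest. PHP's crc32() and zlib.crc32 share the same
    polynomial; the value is forced to unsigned 32-bit here."""
    return zlib.crc32(hashlib.md5(candidate).digest()) & 0xFFFFFFFF


def passes_pow(candidate: bytes, bits: int = 21) -> bool:
    """True when the top `bits` bits of the CRC are zero.
    The deployed check is `>> 11`, i.e. 21 zero bits; the original
    version without the shift corresponds to bits=32."""
    return pow_value(candidate) >> (32 - bits) == 0


def expected_tries(bits: int) -> int:
    """Average number of candidates a solver must hash at this difficulty."""
    return 1 << bits


def solve_pow(prefix: bytes, bits: int = 21, limit: int = 1 << 24) -> bytes:
    """Same search as the official PHP loop: append decimal nonces 0, 1, 2, ...
    to `prefix` until the check passes. Returns b"" if `limit` is exhausted."""
    for i in range(limit):
        candidate = prefix + str(i).encode()
        if passes_pow(candidate, bits):
            return candidate
    return b""


if __name__ == "__main__":
    # Official nonce from this page at the deployed difficulty (21 bits).
    print(passes_pow(b"/checksec.sh;1650520"))  # True
    print(expected_tries(21), expected_tries(32))  # 2097152 4294967296
    # A constructed lower difficulty (12 bits) solves in a few thousand hashes.
    print(solve_pow(b"/checksec.sh;", bits=12))
```

Lowering `bits` is how a challenge author tunes the rate limit: every bit removed halves the average work for a solver while keeping the check itself unchanged.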

Write-ups

No write-ups for sanity check