Friends

点击此处获得更好的阅读体验

WriteUp来源

https://dunsp4rce.github.io/csictf-2020/miscellaneous/2020/07/22/Friends.html

by shreyas-sriram

题目描述

I made a really complicated math function. Check it out.

题目考点

解题思路

Go through the given source code to realize that the input entered goes through a set of manipulations
And to get the flag, the result of manipulations should not be equal to the input number
It can also be seen that the input should be between 3 and 100
Running the code locally with different inputs tells us that there is no way to meet the necessary conditions to get the flag by entering a number
One interesting thing to note is that the input lands inside float()

1	x = round(float(input()), 0)

Reading up on float(), we realize that it takes nan as input
Using nan as input, we meet the necessary conditions and namo.txt is obtained
namo.txt is basically a conditional statement-expanded-code-snippet of the flag written in namo
Flag can be obtained by parsing the file

Response File

Mitrooon
bhaiyo aur behno "Enter a number"
mann ki baat nambar

agar nambar barabar 1 hai {
  bhaiyo aur behno "s"
}

nahi toh agar nambar barabar 13 hai {
  bhaiyo aur behno "_"
}


nahi toh agar nambar barabar 15 hai {
  bhaiyo aur behno "5"
}


nahi toh agar nambar barabar 22 hai {
  bhaiyo aur behno "4"
}


nahi toh agar nambar barabar 28 hai {
  bhaiyo aur behno "k"
}


nahi toh agar nambar barabar 8 hai {
  bhaiyo aur behno "y"
}


nahi toh agar nambar barabar 17 hai {
  bhaiyo aur behno "4"
}


nahi toh agar nambar barabar 9 hai {
  bhaiyo aur behno "_"
}


nahi toh agar nambar barabar 4 hai {
  bhaiyo aur behno "t"
}


nahi toh agar nambar barabar 3 hai {
  bhaiyo aur behno "c"
}


nahi toh agar nambar barabar 20 hai {
  bhaiyo aur behno "r"
}


nahi toh agar nambar barabar 12 hai {
  bhaiyo aur behno "n"
}


nahi toh agar nambar barabar 0 hai {
  bhaiyo aur behno "c"
}


nahi toh agar nambar barabar 23 hai {
  bhaiyo aur behno "t"
}


nahi toh agar nambar barabar 27 hai {
  bhaiyo aur behno "0"
}


nahi toh agar nambar barabar 10 hai {
  bhaiyo aur behno "n"
}


nahi toh agar nambar barabar 11 hai {
  bhaiyo aur behno "4"
}


nahi toh agar nambar barabar 7 hai {
  bhaiyo aur behno "m"
}


nahi toh agar nambar barabar 25 hai {
  bhaiyo aur behno "c"
}


nahi toh agar nambar barabar 24 hai {
  bhaiyo aur behno "_"
}


nahi toh agar nambar barabar 6 hai {
  bhaiyo aur behno "{"
}


nahi toh agar nambar barabar 16 hai {
  bhaiyo aur behno "_"
}


nahi toh agar nambar barabar 18 hai {
  bhaiyo aur behno "_"
}


nahi toh agar nambar barabar 2 hai {
  bhaiyo aur behno "i"
}


nahi toh agar nambar barabar 5 hai {
  bhaiyo aur behno "f"
}


nahi toh agar nambar barabar 19 hai {
  bhaiyo aur behno "g"
}


nahi toh agar nambar barabar 14 hai {
  bhaiyo aur behno "1"
}


nahi toh agar nambar barabar 21 hai {
  bhaiyo aur behno "3"
}


nahi toh agar nambar barabar 26 hai {
  bhaiyo aur behno "0"
}


nahi toh agar nambar barabar 29 hai {
  bhaiyo aur behno "}"
}

nahi toh {
  bhaiyo aur behno ""
}

achhe din aa gaye

Solution File

#!/bin/bash

touch namo.txt
touch temp.txt

echo "nan" > payload.txt

# get nc response
cat payload.txt | nc chall.csivit.com 30425 > namo.txt

# get indexes
index=($(grep -o " [0-9]\{1,2\} " namo.txt))

# get bits of flag
bits=($(grep -o "\".\"" namo.txt))

# match the indexes with the flag and store in file
for(( j=0 ; j<${#index[@]} ; j++ ))
do
  printf -v s "%02d" ${index[$j]} # format index
  echo "$s:${bits[$j]}" >> temp.txt
done

# sort file and get flag
flag=($(sort temp.txt | cut -d '"' -f 2))

# remove files
rm namo.txt
rm temp.txt
rm payload.txt

printf %s "${flag[@]}" $'\n'

Flag

1	csictf{my_n4n_15_4_gr34t_c00k}