RPS
Description
Here's a program that plays rock, paper, scissors against you. I hear something good happens if you win 5 times in a row.
Connect to the program with netcat: `nc saturn.picoctf.net 53296`
The program's source code with the flag redacted can be downloaded here.
Solving
- Checking the code (as mentioned in the hint of the challenge).
- In the `play` function we can see that the program uses the `strstr()` function to check who wins. This is the line in the code: `if (strstr(player_turn, loses[computer_turn])) {`
- This is the manual of the `strstr()` function: `str1` is the C string to be scanned; `str2` is the C string containing the sequence of characters to match.
- If we send every possible answer, we should always win 🙂
- So you should get the flag if you send: `rockscissorspaper`
- Because we don't want to do this by hand, I have a Python script to play against the bot.
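```python
#!/usr/bin/env python
from pwn import *

ip, port = "saturn.picoctf.net", 53296
p = log.progress('Working')
p.status("Let me get the flag for you real quick...!")
s, flag = None, None  # defined up front so cleanup works if connecting fails
try:
    s = remote(ip, port)
    for i in range(5):
        p.status("Playing " + str(i+1) + ". game!")
        s.recvuntil(b"exit the program")
        s.sendline(b"1")  # answer the menu prompt with 1
        s.recvuntil(b"(rock/paper/scissors):")
        # Contains all three moves, so the strstr() check always matches
        s.sendline(b"rockpaperscissors")
    s.recvuntil(b"Congrats, here's the flag!")
    flag = s.recvuntil(b"}").decode('utf-8')
    p.success("Successfully obtained flag.")
except Exception:
    print("Couldn't connect :'( ")
finally:
    # Only close the socket if the connection was actually opened
    if s is not None:
        s.close()
if flag:
    print(flag)
print("Bye bye!")
```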
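
The substring check quoted above next to a stricter one, as an added example that is not the challenge's source code. The `hands` and `loses` tables, the function names and the newline-free input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed tables, constructed for this example: hands[i] is a move and
 * loses[i] is the move that beats hands[i]. */
static const char *hands[3] = {"rock", "paper", "scissors"};
static const char *loses[3] = {"paper", "scissors", "rock"};

/* The check quoted in the write-up: substring search, so any input that
 * merely contains the winning move is accepted as a win. */
int wins_substring(const char *player_turn, int computer_turn) {
    return strstr(player_turn, loses[computer_turn]) != NULL;
}

/* Map the input to exactly one move index, or -1 if it is not a move. */
int parse_move(const char *player_turn) {
    for (int i = 0; i < 3; i++)
        if (strcmp(player_turn, hands[i]) == 0)
            return i;
    return -1;
}

/* Stricter check: reject anything that is not a single valid move, then
 * compare move indices instead of searching text. */
int wins_exact(const char *player_turn, int computer_turn) {
    int move = parse_move(player_turn);
    return move >= 0 && move == (computer_turn + 1) % 3;
}

int main(void) {
    const char *inputs[] = {"paper", "rock", "rockscissorspaper"};
    for (int c = 0; c < 3; c++)
        for (int i = 0; i < 3; i++)
            printf("computer=%-8s input=%-17s substring=%d exact=%d\n",
                   hands[c], inputs[i],
                   wins_substring(inputs[i], c), wins_exact(inputs[i], c));
    return 0;
}
```

With the exact comparison, the concatenated input is rejected as an invalid move for every computer turn, while a single correct move still wins.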