Shearwater CTF: myfirst_math

This one took a little bit of network trickery, connecting to a remote server and responding to requests quickly, else your connection gets dropped.

The first attempt was to do it manually, thinking it was just a few simple ones. I rapidly realised it was going to ask many questions of me - 125 to be exact. Thankfully it was the same five questions. The question “what is the substitution” really threw me, because it’s supposed to be a math challenge, and I tried a whole load of things before I realised it was just letting me through anyway.

I really enjoyed learning a little more about socket manipulation, and I’m planning on reimplementing the challenge so I can test myself from the other side :)

Here’s the code for the solution. It’s fairly simple: parse the question, then grab the values and respond.

#!/usr/bin/env python3

import socket
import re
import sys

host = "exploit1.ctf.shearwater.com.au"
port = 31439
remote_ip = socket.gethostbyname( host )

# matches the line carrying the two operands, e.g. "75 28"
numfinder = re.compile( r"\d+ \d+" )

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remote_ip , port))
except socket.error:
    print( "Failed to open socket" )
    sys.exit( 1 )

def doit( s ):
    # heading/question
    reply1 = s.recv( 1024 ).decode()
    print( reply1 )
    if not reply1:
        # an empty read means the server dropped the connection
        sys.exit( "Connection closed" )
    if "flag" in reply1:
        # got the flag, can stop now!
        sys.exit()
    reply = s.recv( 1024 ).decode()
    # get rid of the occasional extra line
    for line in [ line.strip() for line in reply.split("\n") if line.strip() != "" ]:
        print( line )
        # confirm it's the numbers!
        if numfinder.findall( line ) != []:
            nums = [ int( num ) for num in line.split() ]
            if "multipl" in reply1:
                resp = str( nums[0] * nums[1] )
            elif "sum" in reply1:
                resp = str( nums[0] + nums[1] )
            elif "modul" in reply1:
                resp = str( nums[0] % nums[1] )
            elif "divi" in reply1:
                # "division no remainder" is integer division
                resp = str( nums[0] // nums[1] )
            else:
                # substitution takes garbage
                resp = "."
            # sockets carry bytes, so encode the answer before sending
            s.sendall( resp.encode() )
            print( "Sent '{}'".format(resp) )

# ignore the welcome text
reply = s.recv(1024).decode()
print( reply )

while True:
    doit(s)

And here’s the output:

$ ./myfirst_math.py 
Welcome to a race of speed! Only the hare can proceed..

How fast can you math?
What is the sum?
75 28
Sent 103
What is the substitution?

53 57
Sent '.'
What is the multiplication?

45 96
Sent '4320'
What is the division no remainder?

236 30
Sent '7'
What is the modulus?

111 24
Sent '15'
What is the sum?

74 27
Sent '101'
What is the substitution?

26 90
Sent '.'
What is the multiplication?

98 8
Sent '784'
What is the division no remainder?

515 16
Sent '32'
What is the modulus?

237 60
Sent '57'
What is the sum?

12 69
Sent '81'
What is the substitution?

55 8
Sent '.'
What is the multiplication?

91 26
Sent '2366'
What is the division no remainder?

366 82
Sent '4'
What is the modulus?

698 48
Sent '26'
What is the sum?

98 86
Sent '184'
What is the substitution?

16 70
Sent '.'
What is the multiplication?

69 19
Sent '1311'
What is the division no remainder?

524 41
Sent '12'
What is the modulus?

989 38
Sent '1'
What is the sum?

15 60
Sent '75'
What is the substitution?

98 100
Sent '.'
What is the multiplication?

73 30
Sent '2190'
What is the division no remainder?

511 90
Sent '5'
What is the modulus?

197 64
Sent '5'
What is the sum?

61 32
Sent '93'
What is the substitution?

46 76
Sent '.'
What is the multiplication?

69 90
Sent '6210'
What is the division no remainder?

628 77
Sent '8'
What is the modulus?

829 87
Sent '46'
What is the sum?

40 47
Sent '87'
What is the substitution?

2 62
Sent '.'
What is the multiplication?

36 89
Sent '3204'
What is the division no remainder?

360 93
Sent '3'
What is the modulus?

728 2
Sent '0'
What is the sum?

6 29
Sent '35'
What is the substitution?

82 21
Sent '.'
What is the multiplication?

79 66
Sent '5214'
What is the division no remainder?

784 93
Sent '8'
What is the modulus?

828 61
Sent '35'
What is the sum?

64 80
Sent '144'
What is the substitution?

30 100
Sent '.'
What is the multiplication?

100 83
Sent '8300'
What is the division no remainder?

189 20
Sent '9'
What is the modulus?

114 40
Sent '34'
What is the sum?

8 80
Sent '88'
What is the substitution?

16 99
Sent '.'
What is the multiplication?

28 85
Sent '2380'
What is the division no remainder?

645 10
Sent '64'
What is the modulus?

507 78
Sent '39'
What is the sum?

54 99
Sent '153'
What is the substitution?

70 29
Sent '.'
What is the multiplication?

60 69
Sent '4140'
What is the division no remainder?

892 37
Sent '24'
What is the modulus?

117 56
Sent '5'
What is the sum?

14 59
Sent '73'
What is the substitution?

36 92
Sent '.'
What is the multiplication?

10 2
Sent '20'
What is the division no remainder?

958 42
Sent '22'
What is the modulus?

896 43
Sent '36'
What is the sum?

37 93
Sent '130'
What is the substitution?

19 38
Sent '.'
What is the multiplication?

100 75
Sent '7500'
What is the division no remainder?

261 64
Sent '4'
What is the modulus?

814 2
Sent '0'
What is the sum?

73 99
Sent '172'
What is the substitution?

19 96
Sent '.'
What is the multiplication?

85 78
Sent '6630'
What is the division no remainder?

659 50
Sent '13'
What is the modulus?

813 53
Sent '18'
What is the sum?

51 11
Sent '62'
What is the substitution?

60 45
Sent '.'
What is the multiplication?

64 30
Sent '1920'
What is the division no remainder?

121 16
Sent '7'
What is the modulus?

505 6
Sent '1'
What is the sum?

66 72
Sent '138'
What is the substitution?

68 44
Sent '.'
What is the multiplication?

35 12
Sent '420'
What is the division no remainder?

499 51
Sent '9'
What is the modulus?

280 38
Sent '14'
What is the sum?

20 54
Sent '74'
What is the substitution?

45 83
Sent '.'
What is the multiplication?

54 58
Sent '3132'
What is the division no remainder?

626 87
Sent '7'
What is the modulus?

430 55
Sent '45'
What is the sum?

96 2
Sent '98'
What is the substitution?

29 36
Sent '.'
What is the multiplication?

29 72
Sent '2088'
What is the division no remainder?

118 25
Sent '4'
What is the modulus?

344 95
Sent '59'
What is the sum?

96 55
Sent '151'
What is the substitution?

64 43
Sent '.'
What is the multiplication?

29 57
Sent '1653'
What is the division no remainder?

542 80
Sent '6'
What is the modulus?

764 80
Sent '44'
What is the sum?

58 23
Sent '81'
What is the substitution?

22 55
Sent '.'
What is the multiplication?

90 74
Sent '6660'
What is the division no remainder?

244 47
Sent '5'
What is the modulus?

635 37
Sent '6'
What is the sum?

5 30
Sent '35'
What is the substitution?

21 93
Sent '.'
What is the multiplication?

68 75
Sent '5100'
What is the division no remainder?

295 76
Sent '3'
What is the modulus?

633 30
Sent '3'
What is the sum?

51 17
Sent '68'
What is the substitution?

81 52
Sent '.'
What is the multiplication?

52 22
Sent '1144'
What is the division no remainder?

938 63
Sent '14'
What is the modulus?

827 31
Sent '21'
What is the sum?

7 9
Sent '16'
What is the substitution?

39 65
Sent '.'
What is the multiplication?

52 42
Sent '2184'
What is the division no remainder?

970 38
Sent '25'
What is the modulus?

591 69
Sent '39'
What is the sum?

85 62
Sent '147'
What is the substitution?

22 28
Sent '.'
What is the multiplication?

63 19
Sent '1197'
What is the division no remainder?

787 27
Sent '29'
What is the modulus?

590 85
Sent '80'
What is the sum?

92 15
Sent '107'
What is the substitution?

10 99
Sent '.'
What is the multiplication?

79 45
Sent '3555'
What is the division no remainder?

987 60
Sent '16'
What is the modulus?

593 47
Sent '29'

And of course, the flag:

flag{C0ngrats_0n_maTh1ng_m3}
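
For testing "from the other side", here is an added example (not the author's code and not the real server): a local mock of the challenge paired with a line-buffered solver that does not depend on how `recv()` happens to split the stream. The question wording comes from the transcript above; the time limit, the `FLAG` value and all function names are assumptions.

```python
import operator, random, re, socket, threading

# Question names are from the transcript above; None = any reply is accepted.
OPS = {"sum": operator.add, "substitution": None, "multiplication": operator.mul,
       "division no remainder": operator.floordiv, "modulus": operator.mod}
FLAG = "flag{constructed_placeholder}"  # constructed value, not the real flag

def serve(conn, rounds=125, limit=2.0):
    """Mock server: ask `rounds` questions, drop slow or wrong clients."""
    conn.settimeout(limit)  # assumed limit; the real server's is not stated
    try:
        with conn:
            conn.sendall(b"How fast can you math?\n")
            for i in range(rounds):
                name = list(OPS)[i % len(OPS)]
                a, b = random.randint(1, 999), random.randint(1, 100)
                conn.sendall(f"What is the {name}?\n\n{a} {b}\n".encode())
                got = conn.recv(64).decode().strip()
                if OPS[name] and got != str(OPS[name](a, b)):
                    return False  # wrong answer: connection is dropped
            conn.sendall((FLAG + "\n").encode())
            return True
    except socket.timeout:
        return False  # too slow: connection is dropped

def answer(question, a, b):
    """Reply for one question; unknown or unchecked questions get '.'."""
    fns = [fn for name, fn in OPS.items() if fn and name in question]
    return str(fns[0](a, b)) if fns else "."

def solve(conn):
    """Line-buffered client; returns the flag line, or None on a hang-up."""
    question = ""
    with conn, conn.makefile("r") as lines:
        for line in map(str.strip, lines):
            if line.startswith("flag{"):
                return line
            if line.startswith("What is"):
                question = line
            elif re.fullmatch(r"\d+ \d+", line):
                a, b = map(int, line.split())
                conn.sendall((answer(question, a, b) + "\n").encode())

def run(rounds=125):
    """Play the solver against the mock server over a local socket pair."""
    server_end, client_end = socket.socketpair()
    threading.Thread(target=serve, args=(server_end, rounds)).start()
    return solve(client_end)

if __name__ == "__main__": print(run())
```

Lowering `limit` or delaying the client's reply makes `serve()` return `False`, which reproduces the dropped connection seen when answering by hand.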



#AusCERT2016 #CTF #python #networking