bytemancy2
⚒️ Bytemancy 2
| Category | Author |
|---|---|
| ⚒️ Binary Exploitation | LT ‘syreal’ Jones |
Challenge Prompt
Can you conjure the right bytes? The program’s source code can be downloaded here.
Additional details will be available after launching your challenge instance.
Problem Type
- Python
- pwntools
Solve
We are given the program source code:
```python
import sys

while(True):
  try:
    print('⊹──────[ BYTEMANCY-2 ]──────⊹')
    print("☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐")
    print()
    print('Send me the HEX BYTE 0xFF 3 times, side-by-side, no space.')
    print()
    print("☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐")
    print('⊹─────────────⟡─────────────⊹')
    print('==> ', end='', flush=True)

    user_input = sys.stdin.buffer.readline().rstrip(b"\n")
    if user_input == b"\xff\xff\xff":
      print(open("./flag.txt", "r").read())
      break
    else:
      print("That wasn't it. I got: " + str(user_input))
      print()
      print()
      print()
  except Exception as e:
    print(e)
    break
```
This time we need to send the program `\xff\xff\xff`.
What may be a little misleading is that CyberChef makes that look like a printable character, but if you look at the hints you will note it is not.
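To see why the displayed character is not the same thing as the byte, here is an added example (not part of the challenge or the original write-up) that mirrors the source's read-and-compare locally and runs several constructed payloads through it. The helper names are hypothetical, and it assumes the character a tool shows for byte 0xFF is U+00FF.

```python
import io

TARGET = b"\xff\xff\xff"  # value the challenge source compares against

def server_check(wire: bytes) -> bool:
    """Mirror the challenge's readline / rstrip / compare on raw bytes."""
    user_input = io.BytesIO(wire).readline().rstrip(b"\n")
    return user_input == TARGET

def candidates() -> dict:
    """Constructed wire payloads: ways one might try to send 0xFF three times."""
    text = "\xff" * 3  # assumption: the character shown for byte 0xFF is U+00FF
    return {
        "raw bytes": b"\xff\xff\xff\n",
        "bytes.fromhex": bytes.fromhex("ffffff") + b"\n",
        "text as latin-1": text.encode("latin-1") + b"\n",
        "text as utf-8": text.encode("utf-8") + b"\n",  # 2 bytes per character
        "ascii hex digits": b"ffffff\n",
        "typed escape sequence": rb"\xff\xff\xff" + b"\n",
        "raw bytes, CRLF ending": b"\xff\xff\xff\r\n",  # only \n is stripped
    }

def evaluate() -> dict:
    """Map each candidate name to whether the check would accept it."""
    return {name: server_check(wire) for name, wire in candidates().items()}

if __name__ == "__main__":
    for name, wire in candidates().items():
        verdict = "accepted" if server_check(wire) else "rejected"
        print(f"{name:24} {wire!r:34} {verdict}")
```

Only the payloads that put exactly three 0xFF bytes and a bare newline on the wire pass; the UTF-8 form arrives as six bytes, and a CRLF line ending leaves a stray `\r` behind.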
To solve this, we will need to use pwntools.
If you don’t have pwntools you will need to install it; it doesn’t come with Kali by default.
You can install using:
```bash
sudo apt update
pipx install pwntools
pipx ensurepath
```
For our script we will use:

```python
from pwn import *

HOST = 'lonely-island.picoctf.net'
PORT = 64948

p = remote(HOST, PORT)

p.recvuntil(b'==> ')
p.sendline(b"\xff\xff\xff")

print(p.recvall().decode())
```
Make sure you use your host and port from the challenge instance you are given.
We can run the program and when we do that, we are presented with the flag!