We start by connecting to the provided server:
nc 94.237.56.248 34841
We are greeted with the following message:
===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this:
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)
We automate this using
import pwn
import sys
def solve(r: pwn.remote):
moves = {
"GORGE": b"STOP",
"PHREAK": b"DROP",
"FIRE": b"ROLL",
}
r.recvuntil(b"Are you ready? (y/n)")
r.sendline(b"y")
r.recvuntil(b"Ok then! Let's go!")
while True:
try:
response = r.recvuntil(b"?")
except:
print(response.decode("utf-8"))
break
print("Response:", response.decode("utf-8"))
command = response.decode("utf-8").split("\n")[-2]
print(f"Command: {command}")
commands = command.split(", ")
commands = [c.strip() for c in commands]
commands = [c for c in commands if c in moves]
move = b""
for c in commands:
move += moves[c]
move += b"-"
move = move[:-1]
print(f"Move: {move}")
r.sendline(move)
print()
r.interactive()
def conn():
if len(sys.argv) != 3:
print(f"Usage: {sys.argv[0]} REMOTE remote-ip remote-port")
sys.exit(1)
r = pwn.remote(sys.argv[1], sys.argv[2])
return r
def main():
r = conn()
solve(r)
if __name__ == "__main__":
main()
Running this script gives us the flag:
python3 play_game.py 94.237.56.248 34841
...
What do you do?
Command: PHREAK
Move: b'DROP'
Response: FIRE
What do you do?
Command: FIRE
Move: b'ROLL'
FIRE
What do you do?
[*] Switching to interactive mode
Fantastic work! The flag is HTB{1_wiLl_sT0p_dR0p_4nD_r0Ll_mY_w4Y_oUt!}
[*] Got EOF while reading in interactive