Cyber Apocalypse
2024
StopDropAndRoll
The Fray; The Video Game is one of the greatest hits of the last... well, we don't remember quite how long. Our "computers" these days can't run much more than that, and it has a tendency to get repetitive...
Misc
300 points
Walkthrough
We start by connecting to the provided server:
nc 94.237.56.248 34841
We are greeted with the following message:
===== THE FRAY: THE VIDEO GAME =====
Welcome!
This video game is very simple
You are a competitor in The Fray, running the GAUNTLET
I will give you one of three scenarios: GORGE, PHREAK or FIRE
You have to tell me if I need to STOP, DROP or ROLL
If I tell you there's a GORGE, you send back STOP
If I tell you there's a PHREAK, you send back DROP
If I tell you there's a FIRE, you send back ROLL
Sometimes, I will send back more than one! Like this:
GORGE, FIRE, PHREAK
In this case, you need to send back STOP-ROLL-DROP!
Are you ready? (y/n)
We automate this using
pwntools
:import pwn
import sys
def solve(r: pwn.remote):
moves = {
"GORGE": b"STOP",
"PHREAK": b"DROP",
"FIRE": b"ROLL",
}
r.recvuntil(b"Are you ready? (y/n)")
r.sendline(b"y")
r.recvuntil(b"Ok then! Let's go!")
while True:
try:
response = r.recvuntil(b"?")
except:
print(response.decode("utf-8"))
break
print("Response:", response.decode("utf-8"))
command = response.decode("utf-8").split("\n")[-2]
print(f"Command: {command}")
commands = command.split(", ")
commands = [c.strip() for c in commands]
commands = [c for c in commands if c in moves]
move = b""
for c in commands:
move += moves[c]
move += b"-"
move = move[:-1]
print(f"Move: {move}")
r.sendline(move)
print()
r.interactive()
def conn():
if len(sys.argv) != 3:
print(f"Usage: {sys.argv[0]} REMOTE remote-ip remote-port")
sys.exit(1)
r = pwn.remote(sys.argv[1], sys.argv[2])
return r
def main():
r = conn()
solve(r)
if __name__ == "__main__":
main()
Running this script gives us the flag:
python3 play_game.py 94.237.56.248 34841
...
What do you do?
Command: PHREAK
Move: b'DROP'
Response: FIRE
What do you do?
Command: FIRE
Move: b'ROLL'
FIRE
What do you do?
[*] Switching to interactive mode
Fantastic work! The flag is HTB{1_wiLl_sT0p_dR0p_4nD_r0Ll_mY_w4Y_oUt!}
[*] Got EOF while reading in interactive
Was this helpful?