picoGym Exclusive writeup Picker II

Picker II (Reverse Engineering)

Can you figure out how this program works to get the flag? Connect to the program with netcat: $ nc saturn.picoctf.net 57878 The program's source code can be downloaded here.

Attachment
・picker-II.py

Looking at picker-II.py, there is a win function.

def win():
  # This line will not work locally unless you create your own 'flag.txt' in
  #   the same directory as this script
  flag = open('flag.txt', 'r').read()
  #flag = flag[:-1]
  flag = flag.strip()
  str_flag = ''
  for c in flag:
    str_flag += str(hex(ord(c))) + ' '
  print(str_flag)

However,

  if 'win' in user_input:
    return False
  return True

Input that contains win appears to be rejected.

if( filter(user_input) ):
    eval(user_input + '()')

It appears to execute whatever is entered.
Have print output the result of open('flag.txt', 'r').read().

> nc saturn.picoctf.net 53805
==> print(open('flag.txt', 'r').read())
picoCTF{f1l73r5_f41l_c0d3_r3f4c70r_m1gh7_5ucc33d_95d44590}
'NoneType' object is not callable

The flag was obtained.

picoCTF{f1l73r5_f41l_c0d3_r3f4c70r_m1gh7_5ucc33d_95d44590}
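
The session above shows that rejecting the substring win does not constrain what eval runs. The following is an added example, not part of the original article or the challenge source, comparing that filter with a fixed allowlist lookup that never calls eval; `get_random_number`, `ALLOWED`, `dispatch`, `compare` and the stand-in `win` body are hypothetical names for illustration.

```python
import random

def weak_filter(user_input):
    # Same check as the excerpt above: only the substring 'win' is rejected.
    if 'win' in user_input:
        return False
    return True

def get_random_number():  # hypothetical harmless command
    return random.randint(1, 100)

def win():  # stand-in for the sensitive function; deliberately not in ALLOWED
    return 'sensitive'

# Only functions listed here are reachable from user input.
ALLOWED = {'get_random_number': get_random_number}

def dispatch(user_input):
    # Look the name up in a fixed table; user input is never evaluated.
    name = user_input.strip()
    func = ALLOWED.get(name)
    if func is None:
        raise ValueError('unknown command: %r' % name)
    return func()

# Constructed samples; the second is the input shown in the session above.
SAMPLES = [
    'get_random_number',
    "print(open('flag.txt', 'r').read())",
    'win',
]

def compare(samples):
    # Returns (input, passes_weak_filter, accepted_by_dispatch) per sample.
    rows = []
    for s in samples:
        try:
            dispatch(s)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((s, weak_filter(s), accepted))
    return rows

if __name__ == '__main__':
    for row in compare(SAMPLES):
        print(row)
```

The second sample passes the substring filter but is refused by the lookup, because the lookup only accepts exact names from the table.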
