Go to Qiita Advent Calendar 2024 Top
LoginSignup
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

@kk0128

【HTB Cyber Apocalypse 2024】:Misc -Character-Writeup

Posted at

問題概要

Security through Induced Boredom is a personal favourite approach of mine. Not as exciting as something like The Fray, but I love making it as tedious as possible to see my secrets, so you can only get one character at a time!

退屈を誘うことによるセキュリティは、私の個人的なお気に入りのアプローチです。 The Fray のようなものほどエキサイティングではありませんが、自分の秘密を見るのをできるだけ退屈にするのが好きなので、一度に 1 つのキャラクターしか入手できません。

netcatでリクエストを送るとindex番号の文字列が表示される。

┌──(kali㉿kali)-[~]
└─$ nc 83.136.253.251 32407
Which character (index) of the flag do you want? Enter an index: 0
Character at Index 0: H
Which character (index) of the flag do you want? Enter an index: 1 
Character at Index 1: T
Which character (index) of the flag do you want? Enter an index: 2
Character at Index 2: B
Which character (index) of the flag do you want? Enter an index: 3
Character at Index 3: {
Which character (index) of the flag do you want? Enter an index: 4
Character at Index 4: t
Which character (index) of the flag do you want? Enter an index: 5
Character at Index 5: H
Which character (index) of the flag do you want? Enter an index:

解法

まずは最大の番号を調べると、103まであることが分かった。

Which character (index) of the flag do you want? Enter an index: 100
Character at Index 100: g
Which character (index) of the flag do you want? Enter an index: 120
Index out of range!
Which character (index) of the flag do you want? Enter an index: 110
Index out of range!
Which character (index) of the flag do you want? Enter an index: 105
Index out of range!
Which character (index) of the flag do you want? Enter an index: 104
Index out of range!
Which character (index) of the flag do you want? Enter an index: 103
Character at Index 103: }
Which character (index) of the flag do you want? Enter an index:

すべて手作業で行うのは面倒なのでスクリプトを書いた。

#!/bin/bash

HOST=""
PORT=
response=""

for ((i=0; i<=103; i++)); do
    response="$response$(echo $i | nc -q 1 $HOST $PORT | awk '{print $17}')"
    echo "Sent index: $i"
    sleep 1
done

echo "Finish"
echo "$response"

これを実行してフラグゲット。

Sent index: 99
Sent index: 100
Sent index: 101
Sent index: 102
Sent index: 103
Finish
HTB{tH15_1s_4_r3aLly_l0nG_fL4g_i_h0p3_f0r_y0Ur_s4k3_tH4t_y0U_sCr1pTEd_tH1s_oR_els3_iT_t0oK_qU1t3_l0ng!!}
1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
1
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?