Day 15

n nalo_
October 15, 2024

misc/sekiro

Sekiro
Author
n nalo_
Category
misc

This challenge gives us a remote container to connect to and almost no detail (except a Japanese sentence claiming our past death). Once connected with netcat, we see a beautiful ASCII art of a samurai, a loading character, a Japanese sentence, what seems to be an action from our opponent, and an input prompt; after a bit, we’re disconnected.

At this point in the challenge, we still don’t know what we’re supposed to do. However, it seems we have to beat our opponent. We know neither the rules of the game nor what we can input, but the valid inputs are surely the same actions our opponent uses.

Do you know what to do?

After messing around a bit by logging in again and trying some inputs, we are no longer disconnected, and the opponent gives a new move. We learn that we have to beat them multiple times.

By trying more actions (or moves), we finally seem to find the action that beats each of our opponent’s:

Opponent’s move | Move to win
Block | Advance
Advance | Retreat
Retreat | Strike
Strike | Block

Write the right inputs 4 times in a row and we beat it!… right? Of course not, our opponent is really strong…

Yet another round

After another Japanese sentence, here we are at it again. But this time, I can’t even finish typing my action before being disconnected. Dang, should we be faster? Maybe I can do it for this round, but who knows if there’s another one after it that will be even faster, and so on.

The solution is to script our actions. Using the pwntools library, we can easily connect to a remote, listen for incoming data and send text back.

Here’s my script:

import pwn

IP = "challenge.ctf.games"
PORT = 99999  # as published (not a valid TCP port); use your instance's port
conn = pwn.remote(IP, PORT)

# Opponent's move -> move that beats it
ACTIONS = {"block": "advance", "strike": "block", "advance": "retreat", "retreat": "strike"}

for turn in range(3):  # 3 turns, faster and faster
    for _ in range(4):  # 4 actions per turn
        conn.recvuntil(b"Opponent move:")  # ignore random text
        data = conn.recvline().decode()  # read our opponent's action
        print("<", data.strip())
        move = ACTIONS[data.strip()]  # decide our move based on theirs
        print(">", move)
        conn.sendline(move.encode())  # send our move
    print("------")

print(conn.recvall().decode())  # show final output, containing the flag

And that’s it!
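An added example (not the author's script and not the challenge's code): a stdlib-only solver played against a constructed local stand-in for the server, showing why scripted replies survive shrinking reply deadlines while a human-speed delay gets disconnected. The banner text, deadlines and flag value are assumptions; only the counter table and the `Opponent move:` prompt come from the write-up.

```python
import contextlib
import random
import socket
import threading
import time

# Counter table from the write-up: opponent's move -> move that beats it.
COUNTERS = {"block": "advance", "advance": "retreat",
            "retreat": "strike", "strike": "block"}
FLAG = "flag{constructed-example}"  # constructed value, not the real flag

def mock_opponent(sock, deadlines):
    """Constructed stand-in server: 4 moves per round, one reply deadline per round."""
    # suppress(OSError): a reply timeout or a vanished peer just ends the game.
    with sock, sock.makefile("r") as replies, contextlib.suppress(OSError):
        for deadline in deadlines:
            sock.settimeout(deadline)
            for _ in range(4):
                move = random.choice(list(COUNTERS))
                sock.sendall(f"(banner)\nOpponent move: {move}\n".encode())
                if replies.readline().strip() != COUNTERS[move]:
                    return              # wrong reply: drop the connection
        sock.sendall(f"{FLAG}\n".encode())

def solve(sock, delay=0.0):
    """Counter every announced move; return the other text the server sent."""
    seen = []
    # suppress(OSError): the server hanging up mid-game is an expected outcome.
    with sock.makefile("r") as lines, contextlib.suppress(OSError):
        for line in lines:
            if line.startswith("Opponent move:"):
                move = line.split(":", 1)[1].strip().lower()
                time.sleep(delay)       # stands in for human typing time
                sock.sendall(COUNTERS[move].encode() + b"\n")
            else:
                seen.append(line)
    return "".join(seen)

def run_demo(delay, deadlines):
    """Play one game over a local socket pair and return what the solver saw."""
    server, client = socket.socketpair()
    worker = threading.Thread(target=mock_opponent, args=(server, deadlines))
    worker.start()
    try:
        return solve(client, delay)
    finally:
        client.close()
        worker.join()
```

Calling `run_demo(0.0, (1.0, 0.5, 0.25))` returns text containing the constructed flag, while `run_demo(0.3, (1.0, 0.1))` clears the first round and is dropped in the second.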

misc/1200-transmissions

1200 Transmissions
Category
misc

TODO