Hello world!
It’s been about three years since last and I’ve been doing a lot of things but blogging is not one of them. I’ve been looking at the Ringzer0 CTF again and will post some write ups but not all as it is good practice to do technical writing and to keep solving puzzles.
This week I’ve done the I saw a little elf challenge which I might post at a later time and just now I did the ASCII art challenge. We are presented with the following, A list of numbers written out with whitespace and x’es that need to be recognized and send back in the form of a string or a number. At first the approach was not obvious to me but what I decided to try was to treat it as patterns that need matching.
You have 2 seconds to send the number you see Send the answer back using https://ringzer0ctf.com/challenges/119/[number]
—– BEGIN MESSAGE —–
xxx
x x
x x
x x
xxx
xx
x x
x
x
xxxxx
xxx
x x
xx
x x
xxx
xxxxx
x
xxxx
x
xxxxx
xxx
x x
xx
x x
xxx
xx
x x
x
x
xxxxx
xxxxx
x
xxxx
x
xxxxx
xxx
x x
xx
x
xxxxx
xxxxx
x
xxxx
x
xxxxx
xxx
x x
x x
x x
xxx
—– END MESSAGE —–
There is a repeating pattern to each letter so step one is to define what a character is. And that is a bunch of whitespace and X’s arranged in five lines with some differing spacing in between. Refreshing the challenge a number of times gives six different characters that we need to recognize 1,2,3(or 8),4,5 and 0. The ‘3’ is difficult to separate from an eight given the character width of whitespace but is clearly a three if you replace the characters with a ‘.’ for example.
Solving the challenge
In order to implement pattern matching we need to prepare the input. As we get the challenge is encoded in HTML with all what it entails. All can easily be implemented with a simple shell script.
curl -sb ../../cookies.txt https://ringzer0ctf.com/challenges/119 | grep -A1 “BEGIN” | tail -1 > msg.txt
Replacing ‘<br />’ line breaks and the whitespace with periods and some further cleaning up we can get a nice list of characters to work with with a new character starting each fifth line. This can easily be done with some ‘sed’. In the end there is an empty line that I’d like to get rid of in the beginning which ‘tail -c +2’ takes care of
xes=$(sed -re 's/(<br \/>)+/\n/g' < msg.txt | sed -re 's/ /\./g' | \
sed -re 's/[\t\s]*//g' | tail -c +2)Next we just have to take five lines at a time and match the string to a table. Matching the characters can be done like this:
match () {
if [ "$*" = ".xx.. x.x.. ..x.. ..x.. xxxxx" ]; then
echo "1"
elif [ "$*" = ".xxx. x...x. ..xx. .x... xxxxx" ]; then
echo "2"
elif [ "$*" = ".xxx. x...x ..xx. x...x .xxx." ]; then
echo "3"
elif [ "$*" = ".x...x x....x .xxxxx .....x ....x" ]; then
echo "4"
elif [ "$*" = "xxxxx x.... .xxxx ....x xxxxx" ]; then
echo "5"
elif [ "$*" = ".xxx. x...x x...x x...x .xxx." ]; then
echo "0"
else
echo " "
fi
}And iterating the characters is easily done with a for loop and head | tail
answer=""
for char in {5..50..5}; do
c=$(echo "$xes" | head -$char | tail -5)
d=$(match $c)
answer="${answer}${d}"
done And voila! We can easily parse the challenge and submit our answer with curl back again!
curl -sb ../../cookies.txt "https://ringzer0ctf.com/challenges/119/$answer" | grep FLAGIf I get more free time I might start doing some more technical write ups or blogs about BSD or embedded engineering but time is sparse right now.
/Linuxxon