Defcon 2015 Quals - mathwhiz solution

Category: Baby's First
Points: 1

The information given to us:

mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249

After connecting to it, we can see that the server sends mathematical operations and waits for the result of each one. The solution is pretty easy: get the data, pass it to Python's eval, and return the result to the server.

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Python 2 script using pwntools.
import re
from pwn import *

r = remote("mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me", 21249)

def ret_calc_level1(x):
    # Return everything before the '=' sign: the expression to evaluate.
    return re.search(r'(.*).*=', x).group(1)

while True:
    # recv()/sendline() are the pwntools tube methods for reading and writing.
    data = r.recv()
    if "won" in data:
        break
    # Rewrite the server's notation into valid Python arithmetic.
    data = data.replace("[", "(")
    data = data.replace("{", "(")
    data = data.replace("}", ")")
    data = data.replace("]", ")")
    data = data.replace("THREE", "3")
    data = data.replace("TWO", "2")
    data = data.replace("ONE", "1")
    data = data.replace("^", "**")
    print data
    data_1 = str(ret_calc_level1(data))
    # eval() runs the server-supplied text as Python code.
    res = eval(data_1)
    print "Res:", str(res)
    r.sendline("%d" % res)
log.info(data)
log.info(r.recvline())
r.close()
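
Since eval() executes whatever the server sends as Python code on the solver's machine, the same rewriting can feed a restricted arithmetic evaluator instead. This is an added example, not part of the original solution (Python 3.8+); the operator set, MAX_EXPONENT, the 200-character limit and the sample line are assumptions.

```python
import ast
import operator

# Operators an arithmetic challenge needs (assumed set); anything else is rejected.
# '/' maps to floor division, matching Python 2 integer '/' in the solver above.
_BIN = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
        ast.Div: operator.floordiv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARY = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_WORDS = {"ONE": "1", "TWO": "2", "THREE": "3"}
MAX_EXPONENT = 64  # assumed cap so a hostile "9**9**9" cannot stall the client


def normalise(line):
    """Apply the solver's rewrites and keep only the text before '='."""
    expr = line.split("=", 1)[0]
    expr = expr.translate(str.maketrans("[{]}", "(())"))
    for word, digit in _WORDS.items():
        expr = expr.replace(word, digit)
    return expr.replace("^", "**").strip()


def _eval(node):
    if isinstance(node, ast.Expression):
        return _eval(node.body)
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN:
        left, right = _eval(node.left), _eval(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BIN[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY:
        return _UNARY[type(node.op)](_eval(node.operand))
    raise ValueError("disallowed syntax: %s" % type(node).__name__)


def safe_calc(line):
    """Evaluate one challenge line; names, calls and attributes are refused."""
    expr = normalise(line)
    if len(expr) > 200:  # assumed upper bound on a legitimate question
        raise ValueError("expression too long")
    try:
        return _eval(ast.parse(expr, mode="eval"))
    except SyntaxError:
        raise ValueError("not an arithmetic expression")


# Constructed sample line in the notation the solver above rewrites.
print(safe_calc("[3 + 2] * {TWO ^ THREE} = "))
```

In the solver loop, safe_calc(data) would replace the ret_calc_level1/eval pair; a ValueError means the server sent something other than arithmetic.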

The flag is:

Farva says you are a FickenChucker and you'd better watch Super Troopers 2

boogy