NM01 - 250pts

Briefing

Retrieve output from network endpoint at cfta-nm01.allyourbases.co port 8017 and figure out how to get the flag.

Solution

  1. 1.
    Let's connect to the service using netcat and see what we're dealing with:
    1
    $ nc cfta-nm01.allyourbases.co 8017
    2
    \x47\x4A\x52\x57\x5A\x44
    3
    a
    4
    Incorrect
    Copied!
  2. 2.
    It seems to output some hexadecimal. Let's try again and input the ascii representation:
    1
    $ nc cfta-nm01.allyourbases.co 8017
    2
    \x55\x45\x57\x45\x4F\x4B
    3
    UEWEOK
    4
    Too slow!
    Copied!
  3. 3.
    Okay, we need to do it faster. So, let's write a script that connects, converts the hexadecimal to ascii, submits the ascii representation, and then hopefully get the flag.
  4. 4.
    script.py uses pwntools to do just that. Running the script produces the following output:
    1
    [+] Opening connection to cfta-nm01.allyourbases.co on port 8017: Done
    2
    Decoded String: YXDKJZ
    3
    [*] Switching to interactive mode
    4
    Correct! - Flag: o[hex]=>i[ascii]=:)
    5
    [*] Got EOF while reading in interactive
    6
    [*] Closed connection to cfta-nm01.allyourbases.co port 8017
    7
    [*] Got EOF while sending in interactive
    Copied!

Flag

o[hex]=>i[ascii]=:)
Copy link