URL: http://score.quals.seccon.jp/question/
Type: programming
Solution: SECCON{Programming is so fun!}
Description
nc number.quals.seccon.jp 31337
The server gives us a list of numbers and asks for the maximum or the minimum one. If the answer is correct, it gives us a list with one more number, and so on… As the list grows, numbers becomes bigger:
$ nc number.quals.seccon.jp 31337 0, 0 The maximum number? 0 -5, 9, 1 The minimum number? -5 1, -7, 3, 4 The maximum number? 4 3, 6, 2, 7, 7 The maximum number? Timeout, bye.
So we have to code a client that, for each received list, compute the desired value and send it back to the server… until it gives us the flag:
import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('number.quals.seccon.jp', 31337)) data = s.recv(8192).split('\n') while (data[0]): try: numbers = map(int, data[0].split(',')) if (data[1] == 'The maximum number? '): print "max(", numbers, ") =", max(numbers) x = s.send(str(max(numbers))) elif (data[1] == 'The minimum number? '): print "min(", numbers, ") =", min(numbers) x = s.send(str(min(numbers))) except: print data data = s.recv(8192).split('\n') s.close()
Finally, after 100 iterations we get the flag!
max( [-4, 4] ) = 4 max( [1, 3, 2] ) = 3 max( [-9, -4, 3, 8] ) = 8 ... min( [-3144999375, -1195602288, 237850027, 3261265588, -1686313931, -387316384, -200569824, -651908171, -3069922669, -2269670208, -1360848382, 1986195573, 3704479801, -792826864, -1441318708, -4039021871, 748001500, 828071493, 465971451, 964876192, 4051266865, 2651440071, 2884877580, -145852280, -569404145, -2977853116, 1571343842, -1385821802, -1989758754, -137827045, -3497485121, 448878235, 11313686, 3112801073, 3328813823, 1030103736, 4196680200, -3660664202, 2423983419, 3690066212, 1015080563, -2478557474, 483667363, -3534858468, -678720140, 4205426931, 3478238, -1378341982, -859402462, 3358120717, -1825035146, 1819028946, 3744426158, 1320183842, -2467863570, -2483503129, -2250808386, -3384959141, 1177772637, -2770892507, -3635643351, -143971921, 1856091826, -233966483, 1195158796, -2049673570, 3539237436, -3371110150, -4150870004, -1490616940, -3315102063, 2845728558, 4213419097, -3421736475, 2902860513, 3742581048, 2497557376, -2980040530, 3003177660, 2092331943, -3663080141, 1395488399, 1886972843, 1635687564, -2117657232, 3561517789, 1907591016, 216735961, 59041976, -4110077691, 2006896479, 2174177639, -670692853, 2854829132, -3979535484, 3219540788, -612554599, 3300939104, 1545949105, -844604313, -4051502478] ) = -4150870004 ['Congratulations!', ''] ['The flag is SECCON{Programming is so fun!}', '']