Math Test
Complete this simple math test to get the flag.
We are given a server that generates mathematical expressions:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import random
from flag import FLAG
def genRandMath():
eqn = f'{random.randint(-1000, 1000)}'
eqn = f"{eqn} {random.choice(['+', '*', '-', '//'])} {random.randint(-1000, 1000)}"
while random.randint(0, 3) != 1:
eqn = f"{eqn} {random.choice(['+', '*', '-', '//'])} {random.randint(-1000, 1000)}"
try:
res = eval(eqn)
return eqn, res
except ZeroDivisionError:
return genRandMath()
print("Welcome to a simple math test.")
print("If you solve these basic math questions, I will give you the flag.")
print("Good Luck")
for i in range(1000):
eqn, correct = genRandMath()
print(f"Question: {eqn}")
res = int(input("Answer: "))
if res != correct:
print(f"Wrong!! Correct answer is {correct}")
exit()
print(f"Correct {i+1}/1000")
print(f"Congratz! Here is the flag {FLAG}")
If we respond correctly to all questions, we get the flag. We can write a script using pwntools that fetches the current equation and calls eval on it to get the result:
1
2
3
4
5
6
7
8
9
10
from pwn import *
context.log_level = "debug"
io = remote("34.66.235.106", 5000)
while True:
current = io.readuntil(b"Answer: ").split(b"\n")[-2].split(b": ")[1].decode()
log.info(current)
result = eval(current)
io.sendline(str(result).encode())
This post is licensed under CC BY 4.0 by the author.