Laboratory RuCTF 2013 Quals - Vuln [100]

uid0-man, 16 March 2013

A source file is given.

-module(main).

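work() ->
    receive
        %% A, B, C are the first three octets of the sender's address.
        {_,_,{A,B,C,_},_,_} ->
            {ok, S} = gen_udp:open(random:uniform(20000) + 1025),
            {ok, D} = file:read_file("key"),
            %% Send each key byte Y to UDP port 1338 on its paired address X.
            lists:map(
                fun({Y,X}) -> gen_udp:send(S, erlang:list_to_tuple(X), 1338, Y) end,
                lists:zip(
                    erlang:binary_to_list(D),
                    %% 33 random hosts A.B.C.2 to A.B.C.254, sorted ascending.
                    lists:sort(
                        lists:map(fun(_) -> [A,B,C,random:uniform(253) + 1] end, lists:seq(1,33))
                    )
                )
            )
    end,
    work().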

As we can see, it sends the 33 flag characters one by one, each to an A.B.C.x IP address. The list of IP addresses is sorted in non-decreasing order, so the first character is sent to the first IP in the list, the second to the second, and so on. The variables A, B and C are actually three bytes of our IP address.

All we need to do is assign ourselves every IP address from A.B.C.1 to A.B.C.254, then open Wireshark and send some data to the task. The characters will appear in Wireshark, each in a separate packet. Assemble the flag in non-decreasing order of source IP addresses.
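The reassembly step can also be scripted. The following is an added example, not part of the original write-up or the task: it mirrors the task's send logic on a constructed key and then rebuilds the key from the addresses A.B.C.x the datagrams were sent to. The names `simulate_task` and `reassemble`, the sample key and the 192.0.2.0/24 prefix are assumptions made for illustration.

```python
import collections
import ipaddress
import random

PORT = 1338  # destination port in the task's gen_udp:send call

def simulate_task(key, prefix, rng):
    """Mirror the Erlang logic: one random host in A.B.C.2-254 per key byte,
    hosts sorted, then zipped with the key. Returns datagrams in send order."""
    hosts = sorted(list(prefix) + [rng.randrange(253) + 2] for _ in key)
    return [(".".join(map(str, h)), PORT, bytes([b])) for h, b in zip(hosts, key)]

def reassemble(capture, prefix):
    """capture: (dst_ip, dst_port, payload) tuples in capture order.
    Returns (flag, hosts that received more than one byte)."""
    net = ipaddress.ip_network(".".join(map(str, prefix)) + ".0/24")
    ours = [(ipaddress.ip_address(ip), data) for ip, port, data in capture
            if port == PORT and ipaddress.ip_address(ip) in net]
    # list.sort() is stable, so bytes sent to the same host keep capture order.
    ours.sort(key=lambda p: p[0])
    counts = collections.Counter(ip for ip, _ in ours)
    repeated = [str(ip) for ip, n in sorted(counts.items()) if n > 1]
    return b"".join(data for _, data in ours), repeated

if __name__ == "__main__":
    key = b"CONSTRUCTED_SAMPLE_KEY_33_BYTES!!"   # constructed, 33 bytes
    prefix = (192, 0, 2)                          # constructed, TEST-NET-1
    capture = simulate_task(key, prefix, random.Random(2013))
    capture.insert(5, ("192.0.2.9", 53, b"x"))    # unrelated traffic
    flag, repeated = reassemble(capture, prefix)
    print(flag.decode(), "| hosts hit more than once:", repeated)
```

Because the 33 hosts are drawn independently from 253 values, some addresses usually receive more than one character; those positions rely on capture order, so the hosts listed in `repeated` are the ones to double-check if UDP reordering is suspected.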

Done. You are awesome!
