Skip to main content

VULNERABLE_ADVENTURE

Run the client, switch the delegate, get the flag

Challenge author : smcri
  • Fichier : client.py Quand on run le client on a un jeu qui se lance :
Welcome to game
What would you like to do?
1. Speak to goblin in front of you(2 energy)
 2. Move Forward 1 step(1 energy)
 3. Move Backward 1 step(1 energy)
 4. Move Left 1 step(1 energy)
 5. Move Right 1 step(1 energy)
 6. Exit
Enter your choice : 1

Go to position (9,9). A flag awaits for you!
Welcome to game
What would you like to do?
1. Speak to goblin in front of you(2 energy)
 2. Move Forward 1 step(1 energy)
 3. Move Backward 1 step(1 energy)
 4. Move Left 1 step(1 energy)
 5. Move Right 1 step(1 energy)
 6. Exit

On voit que le flag se trouve à la position (9,9) Il suffit de faire croire au serveur qu'on est à la position du flag en modifiant la position envoyée :

-      packet = struct.pack("iiiiiiii",posx,posy,coins,health,mana,goblin,terminated,dummyflag)
+      packet = struct.pack("iiiiiiii",9,9,coins,health,mana,goblin,terminated,dummyflag)

Easy on a le flag :

b00t2root{p4ck3t_inj3ct}

flag : b00t2root{p4ck3t_inj3ct}