On the high seas, the nights get boring. Try to win the game against the captain!
pirates.fluxfingers.net port 6565/tcp
Let’s go & connect there:
> nc pirates.fluxfingers.net 6565 /9j/4AAQSkZJRgABAQEAYABgAAD//gAJbWQ1d2luc//bAEMABQ MEBAQDBQQEBAUFBQYHDAgHBwcHDwsLCQwRDxISEQ8RERMWHBcT <...> EgWAYlOhQqadCpxQPCn4JDjQoVacgqCQ4dtCAY4+FChVJb7BVE A6fCnKIB0+FChSuX3C8XQPuhoUKFd+JM//Z
The service gives us some base64 and waits 2 seconds for reply. Unbase64ing the data, we get this jpeg:
There is no EXIF tag, and `strings` don’t show anything interesting (only ‘md5wins’ which is not the flag). I connected again and got another image:
This looks like a pebble lying on sand, and it has a string: “p4ss: nothere” in it. Hard to understand what it’s for, so let’s connect some more times and dump some more data. Script for that:
<?php $were = array(); while (true) { $s = fsockopen("pirates.fluxfingers.net", 6565); $ln = fgets($s); fclose($s); $ln = base64_decode($ln); $md5 = md5($ln); if (!isset($were[$md5])) { file_put_contents("$md5.jpg", $ln); $were[$md5] = true; echo "!"; } else echo "."; } ?>
>\php\php dump_images.php !..........!...!!...........!.............................^C >
The service sends out 5 different base64ed jpeg images:
|
|
 |
 |
 |
| spock.jpg | rock.jpg | paper.jpg | sciss.jpg | yasch.jpg |
They all have useless text comments in them and nothing else. But they have something in common. They all are symbols from Rock Paper Scissors Lizard Spock game :)
Spock is beaten by lizard, Rock is beaten by paper, Paper – by scissors, and Lizard with Scissors are beaten by rock.
Task says we have to win the game, so let’s try to send Captain the base64 of an image that beats his image. D’oh, that doesn’t work! Remember the comment from Spock pic: “md5wins”? Let’s send him md5 of winning image. Yay, he replies with another base64! So we’re gonna code a bot that plays the game:
<?php $objs = array("rock.jpg" => 1, "paper.jpg" => 1, "sciss.jpg" => 1, "spock.jpg" => 1, "yasch.jpg" => 1); foreach ($objs as $i => $nul) $objs[$i] = md5_file($i); $s = fsockopen("pirates.fluxfingers.net", 6565); while (true) { $orig = $ln = fgets($s); $ln = base64_decode($ln); $ln = md5($ln); if (($i = array_search($ln, $objs)) === false) { echo "GOT FLAG: $orig\n"; break; } else { echo "$i - "; if ($i == "paper.jpg") $e = "sciss.jpg"; elseif ($i == "rock.jpg") $e = "paper.jpg"; elseif ($i == "yasch.jpg") $e = "rock.jpg"; elseif ($i == "spock.jpg") $e = "yasch.jpg"; else $e = "rock.jpg"; fwrite($s, md5_file($e) . "\n"); echo "$e\n"; } } ?>
Run it:
> \php\php rps.php spock.jpg - yasch.jpg yasch.jpg - rock.jpg yasch.jpg - rock.jpg paper.jpg - sciss.jpg spock.jpg - yasch.jpg rock.jpg - spock.jpg sciss.jpg - rock.jpg spock.jpg - yasch.jpg GOT FLAG: the secret is: ev!lsYcerf0xxr0xx
The answer is ev!lsYcerf0xxr0xx
1 comment
Is it in Kali Linux? The terminal u use