DEADFACE2022 Logo

Author(s):

  • syyntax

Category:

  • Programming

Points:

  • 300

File(s):

  • None

Hint(s):

  • None

Matrix

Challenge:

Turbo Tactical is looking to infiltrate DEADFACE. We know they're picky about whom they allow into their group, and recently they've started vetting new members. Our infiltrator needs your help solving a challenge on one of their remote servers. Check out Ghost Town for more information about what DEADFACE is looking for.

code.deadface.io:50000

Submit the flag as flag{flag_goes_here}.

Solution:

Connecting to the service listed in the challenge produced a matrix of numbers, and after a few seconds a message that we were too slow:

$ nc code.deadface.io 50000
[180076, 547116, 227177, 994888]
[607700, 469483, 702875, 169423]
[748756, 857202, 187655, 626215]
[754254, 916658, 709822, 498606]
[470629, 631496, 832848, 116638]
Too slow! Matrix reset.

Following the lead from the challenge description regarding the vetting of new members we searched GhostTown for the phrase "vetting" and found one thread named, Vetting New Recruits. The thread was a discussion about testing new recruits on their programming skills:

In d3rth's post we are provided a clear description of the solution: Find the smallest integer in each row, add them together and submit the total sum as the answer, before the timer runs out.

We chose to code our solution in Python3 and utilized PwnTools to handle the networking:

from pwn import * 

r = remote('code.deadface.io', 50000)

matrix = r.recv(1024).decode()

total = 0

for line in matrix.splitlines():
    res = line.strip('][').split(', ')
    total += int(min(res))

r.sendline(str(total))
r.interactive()
r.close()

Our code performs the following steps:

  1. Read each line from the service and convert it into a Python list()
  2. Find the lowest value in the list by calling min() on the list and convert that string to an integer
  3. Add the value to the running total stored in total
  4. Submit total as the answer
  5. Profit

Running our code reveals the flag:

$ python3 matrix.py 
[+] Opening connection to code.deadface.io on port 50000: Done
[*] Switching to interactive mode
flag{j4cked_int0_th3_matr1x}

The accepted flag was: flag{j4cked_int0_th3_matr1x}

Published:

Updated:

Leave a comment