Gitsik's Domain
Misc - Mathtest

A simple miscellaneous challenge that gives the flag after solving 1000 math questions.


Last updated 2 months ago

In this challenge I had to solve 1000 math questions to retrieve the flag. The questions were generated randomly. I was given a chall.py file.

Solution:

I wrote a small script using the pwn library to connect to the server. The script below, Solve.py, received each question and calculated the answers using Python's eval() function.

chall.py:

```python
import random
from flag import FLAG

def genRandMath():
    eqn = f'{random.randint(-1000, 1000)}'
    eqn = f"{eqn} {random.choice(['+', '*', '-', '//'])} {random.randint(-1000, 1000)}"
    while random.randint(0, 3) != 1:
        eqn = f"{eqn} {random.choice(['+', '*', '-', '//'])} {random.randint(-1000, 1000)}"
    try:
        res = eval(eqn)
        return eqn, res
    except ZeroDivisionError:
        return genRandMath()

print("Welcome to a simple math test.")
print("If you solve these basic math questions, I will give you the flag.")
print("Good Luck")

for i in range(1000):
    eqn, correct = genRandMath()
    print(f"Question: {eqn}")
    res = int(input("Answer: "))
    if res != correct:
        print(f"Wrong!! Correct answer is {correct}")
        exit()

    print(f"Correct {i+1}/1000")

print(f"Congratz! Here is the flag {FLAG}")
```

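Solve.py:

```python
from pwn import remote
import re

def math(host, port):
    conn = remote(host, port)
    while True:
        # Read one line from the server and echo it locally
        data = conn.recvuntil(b"\n").decode('utf-8')
        print(data, end="")

        match = re.search(r'Question: (.+)', data)
        if match:
            # Evaluate the expression the server sent and reply with the integer result
            equation = match.group(1)
            answer = eval(equation)
            # pwntools expects bytes on Python 3
            conn.sendline(str(int(answer)).encode())
        elif "Congratz!" in data or "Wrong!!" in data:
            # Flag line or failure message: stop reading
            break

    conn.close()

HOST = "34.66.235.106"
PORT = 5000

math(HOST, PORT)
```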
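
Solve.py hands text received from the network to eval(), so whatever the server sends is run as Python on the solver's machine. The following is an added example, not part of the original write-up: it evaluates only the integer expressions that chall.py's genRandMath() can produce and rejects everything else. The names `safe_eval`, `answer_for` and the `MAX_LEN` bound are assumptions made here.

```python
import ast
import operator
import re

# The only binary operators chall.py's genRandMath() can emit.
_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.FloorDiv: operator.floordiv,
}
MAX_LEN = 2000  # assumed cap on question length; keeps the AST shallow


def _walk(node: ast.AST) -> int:
    """Evaluate a whitelisted AST node; anything else is refused."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_walk(node.operand)  # negative operands such as "-42"
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_walk(node.left), _walk(node.right))
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expr: str) -> int:
    """Evaluate an integer expression with Python precedence, without eval()."""
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")  # parses only, executes nothing
    except SyntaxError as exc:
        raise ValueError(f"not an expression: {expr!r}") from exc
    return _walk(tree.body)


def answer_for(line: str):
    """Return the answer for a 'Question: ...' line, or None for other lines."""
    match = re.fullmatch(r"Question: (.+)", line.strip())
    return safe_eval(match.group(1)) if match else None
```

In Solve.py, `answer = eval(equation)` would become `answer = safe_eval(equation)`; a ValueError then means the server sent something other than a math question.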

Flag: uoftctf{7h15_15_b451c_10_7357_d16u153d_45_4_m47h_7357}
