Skip to content Skip to navigation

Challenge 1: Guerilla

Category: 

First we see the text on the page: "You must specify a nick". After quick look into source code of the page we understand that our URL must contain GET-parameter 'nick' with random value.

Then server sends us some leet-modified string like 

51xty tw0 plu5 0n3

and expecting from us solution of this expression in the same format.

Experimentally found that there is only 4 leet-modified characters: '1' == 'i', '3' == 'e', '5' == 's', '0' == 'o'.

There are can be various numbers and all 4 operations: plus, minus, times and divide by. So our solution has following steps:

  1. unleetify string to normal words (ex. "sixty two plus one");
  2. extract operation ("plus" -> "+");
  3. turn 2 strings to numbers (62 and 1);
  4. eval expression (62 + 1 = 63);
  5. turn number to words ("sixty three");
  6. leetify this string using same rules as server ("51xty thr33");
  7. send string to server and get response. If there is no flag in response go to step 1.

After some number of iterations server will send us a flag: Fl4g4Th3W1nl33tP0w4h.

P.S. Because of script use WebSockets we had to write code on JavaScript.

Attachments: