CTF-writeups

Some CTF writeups


Project maintained by Qyn-CTF

Oracle Impostor - Medium

Description:

Whether it's ancient Greek politics or cryptography, oracles make life a lot easier.

Except that you don't have one.

And this isn't about cryptography either.

You can start a local version of the challenge on your own system by starting server.py.

Once you know how to solve it, connect to our service via TCP at oracle-impostor.cscg.live:1024.

First looks

We’re given the source code of the application. To get the flag, we need to somehow guess a random string of 128 characters.

Solving

At the start of the handle_connection function, we see this:

# who even needs buffering?
sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 0)
sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)

And we can also see the timeout:

sock.settimeout(10)

The idea is rather simple: we read until we get our secret, then disable our internet for 10 seconds so that the timeout handler hits. The server only generates a new secret after sending the "If you're the real oracle, then try again." string, so if we get into the timeout handler before that, no new secret is generated and we can reuse the same one.
For this I used clumsy, because I remembered it as a tool that slowed down the connection, dropped packets and lagged packets.
If we add some lag to the packets and observe the connection using Wireshark, we can drop all packets for 10 seconds after receiving our secret. If we then send the secret we get our flag:
CSCG{gib_ack_plis_cAmgUXs2wr2XFi5NSt7Ud2F0}
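
The state bug described above, next to one way to close it, as an added example that is not the challenge's server.py. The `Oracle` class, the `StallingSock` test double, the "The secret was" line and the "FLAG" return value are constructed for illustration; only the "try again" string comes from the writeup.

```python
import secrets
import socket

TRY_AGAIN = "If you're the real oracle, then try again.\n"  # string quoted in the writeup

class StallingSock:
    """Constructed peer that stops ACKing: data is seen, then the send times out."""
    def __init__(self):
        self.seen = b""
    def sendall(self, data):
        self.seen += data
        raise socket.timeout("send timed out")

class Oracle:
    def __init__(self):
        self.secret = secrets.token_hex(64)  # 128 characters

    def round_vulnerable(self, sock, guess):
        if guess == self.secret:
            return "FLAG"
        try:
            # Hypothetical disclosure line; the real message format is not on the page.
            sock.sendall(f"The secret was {self.secret}\n{TRY_AGAIN}".encode())
            self.secret = secrets.token_hex(64)  # skipped when the send times out
        except socket.timeout:
            pass  # timeout path leaves the disclosed secret valid
        return None

    def round_hardened(self, sock, guess):
        # Rotate before any I/O so every exit path ends with a fresh secret.
        old, self.secret = self.secret, secrets.token_hex(64)
        if secrets.compare_digest(guess, old):
            return "FLAG"
        try:
            sock.sendall(f"The secret was {old}\n{TRY_AGAIN}".encode())
        except socket.timeout:
            pass
        return None

def replay_succeeds(round_name):
    """True if a secret disclosed before a timeout is still accepted afterwards."""
    oracle, sock = Oracle(), StallingSock()
    play = getattr(oracle, round_name)
    play(sock, "wrong guess")
    disclosed = sock.seen.decode().splitlines()[0].split()[-1]
    return play(sock, disclosed) == "FLAG"
```

The hardened round treats rotation as part of consuming a guess rather than as a step that follows a successful send, so a stalled or dropped connection cannot leave a disclosed secret in place.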
