Forensics — Desrouleaux
I’d like to start with this challenge as it took me quite a lot of time to figure out. You can either do it manually or with a Python script. I tried at first doing it manually, but had no luck with the final question that needed to be answered in order to unlock the flag. So I decided to “cheat” by using a Python script to solve it. However, I had some Python compatibility issues, which I’d like to save you from if ever you attempt this exercise.
You will need to install the pwntools module for Python. Then you will need to write/find a script that can be used to extract data from the the .json file provided to you and answer the questions. The first two questions should not be difficult to answer manually, as indicated above. However, the third one needs a “brute force” approach, which is exactly what this Python script takes (thanks to Kristóf Tóth for writing and publishing it).
Beware, however, that this script is written in the Python 2 language, so make sure that you install pwntools for Python 2 and not Python 3 (my Ubuntu distribution came with both already installed and pwntools was installed for Python 3 by default). If you do want to run the script using Python 3, you will have to translate it to Python 3 first. There are some online tools that do this, but none are perfect.
Then of course you need to make some other ad hoc changes to the script. For example, you will need to make sure the server information corresponds correctly to that which you have been given in the question. See below the line of code concerned here:
When you run the script, you should see something like this:
When the script arrives at the correct number, it will stop guessing. This is how a while-loop works in Python. It will then input the correct number and you’ll have captured the flag! Congratulations.
To continue with this series, click here.