Posted in Writeups on 2017-02-21 21:22:14
This was an interesting challenge. You started by connecting with telnet to the server specified in the challenge description. Once connected, a question was asked: What is the birth year of [known cryptographer]? You had 2 seconds to react before the server disconnected you. Once you connected again, the server asked the same question but for a different person. I began connecting over and over again to see if there was a pattern or if the selection of people was small. I came to the conclusion that the server was selecting randomly from a list consisting of 20+ names.
I looked up some of the names to see which year they were born, then I began connecting again hoping that a name I had looked up would show. To my surprise the name came up pretty fast, so I entered the birth year, but I was given no flag. Instead, a new name was asked.
I concluded the following:
- The server is selecting known cryptographers from a list consisting of 20+ names.
- If you enter the wrong birth year, the server will disconnect you.
- If you enter the correct birth year, the server will ask the same question but for a different person.
- The server will most likely ask you a specific number of times before you are given a flag.
Search all the things!
I thought that there are two ways to solve this challenge.
Connect to the server as often as needed until I have written down all the names, then manually search for their birth years. Create a script, hardcode the names and their birth years, and simply return the correct birth year for the person in the question.
I didn't like this approach; it was tedious and didn't really require any significant effort.
Instead I chose the automatic approach. I created a script that connected to the server and parsed out the name from the question asked by the server. The script makes one query to Google to see if Google returns a profile with the birth year. If not, the script falls back to Wikipedia.
The problem with this approach is that not all entries on Google and Wikipedia use the same format when showing when someone was born, so it required a lot of regular expressions. Building this script was very much trial and error, but it got me the flag and it was fun as well.
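As an added illustration (not the script from the linked repo), here is a Python sketch of the loop described above: parse the name out of the server's question, pull a four-digit birth year out of text that may use several date formats, and reply before the 2-second deadline. The Google/Wikipedia lookup is replaced by constructed snippets, and the sample names, years, and newline-terminated prompts are assumptions.

```python
import re
import socket

# Question format as quoted in the writeup; the name runs up to the "?".
QUESTION_RE = re.compile(r"birth year of (?P<name>[^?]+)\?")
# A few of the date formats a lookup page might use (my own assumed patterns).
BIRTH_RES = [
    re.compile(r"\(born [^)]*?(\d{4})\)"),                 # (born 4 December 1965)
    re.compile(r"\bBorn:? [A-Za-z]+ \d{1,2}, (\d{4})"),    # Born: October 5, 1946
    re.compile(r"\bborn (?:in )?(\d{4})\b", re.I),         # born 1945 / born in 1945
]

def parse_name(question: str):
    """Return the cryptographer's name from the server's question, or None."""
    m = QUESTION_RE.search(question)
    return m.group("name").strip() if m else None

def extract_birth_year(text: str):
    """Try each pattern in order; return the first year found as an int, or None."""
    for pat in BIRTH_RES:
        m = pat.search(text)
        if m:
            return int(m.group(1))
    return None

# Constructed stand-in for the web lookups: placeholder names and years.
FAKE_PAGES = {
    "Alice Example": "Alice Example (born 4 December 1965) is a cryptographer.",
    "Bob Sample": "Born: October 5, 1946 in Sometown",
    "Carol Placeholder": "Carol Placeholder was born in 1945 and ...",
}

def answer_quiz(recv, send, pages=FAKE_PAGES, max_rounds=50):
    """recv() yields the server's next line, send(str) replies.
    Returns the first non-question line (presumably the flag)."""
    for _ in range(max_rounds):
        line = recv()
        if not line:
            raise ConnectionError("server disconnected (too slow or wrong answer?)")
        name = parse_name(line)
        if name is None:
            return line
        year = extract_birth_year(pages.get(name, ""))
        if year is None:
            raise LookupError(f"no birth year found for {name!r}")
        send(f"{year}\n")
    raise RuntimeError("server kept asking questions")

def solve_over_tcp(host, port):
    """Real transport; the 2-second socket timeout mirrors the server's deadline."""
    with socket.create_connection((host, port), timeout=2) as s:
        f = s.makefile("rw")
        return answer_quiz(f.readline, lambda m: (f.write(m), f.flush()))
```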
You can find the code in our GitHub repo here: https://github.com/ChalmersCTF/Writeups/tree/master/Insomnihack_teaser_2017/cryptoquiz