Boston Key Party CTF – Symphony Writeup

The Boston Key Party CTF happened on the weekend, and I didn't realise until the last minute.

But I managed to get a couple of challenges done, and here's a nice quick writeup for the Symphony challenge, a huge 25 pointer 🙂

The challenge was:

Challenge

You click the link and get taken to a web page asking for a password:

Prompt

If you click the Level 2 title, it takes you to the HTML/PHP code running in the background. The main part is the PHP code, which was:

<?php
require 'flag.php';

if (isset($_GET['password'])) {                        // something was submitted
     if (is_numeric($_GET['password'])){               // must be a numeric string
          if (strlen($_GET['password']) < 4){          // at most 3 characters
               if ($_GET['password'] > 999)            // numeric string is compared as a number
                    die('Flag: '.$flag);
               else
                    print '<p class="alert">Too little</p>';
          } else
               print '<p class="alert">Too long</p>';
     } else
          print '<p class="alert">Password is not numeric</p>';
}
?>

So let's break down the PHP code.

  • First it checks whether something has been entered into the password field.
  • Then it uses the PHP function is_numeric, which checks whether the value entered into the password field is a numeric string.
  • Next it checks whether the entered value is less than 4 characters in length, i.e. at most 3 characters.
  • Finally it checks whether the entered value is greater than 999. Because the value is a numeric string, PHP converts it to a number for this comparison.

So we need to enter a numeric password that is greater than 999 but fewer than 4 characters long. As I'm still learning PHP, I wanted to know more about the function is_numeric:

Finds whether the given variable is numeric. Numeric strings consist of optional sign, any number of digits, optional decimal part and optional exponential part. Thus +0123.45e6 is a valid numeric value. Hexadecimal (e.g. 0xf4c3b00c), Binary (e.g. 0b10100111001), Octal (e.g. 0777) notation is allowed too but only without sign, decimal and exponential part.

Oohhh, so as well as decimal, it also works with binary, octal and... hex! 🙂

One caveat: that description is from the PHP 5 manual. Since PHP 7.0, is_numeric() no longer treats hexadecimal strings such as 0xf4c3b00c as numeric, so the hex route depends on which PHP version the challenge is running.

Time to fire up the super secret hacker tool….Windows Calculator 🙂

Make sure it’s in “Programmer” mode, enter in a number greater than 999, such as….1000.

Then hit the “Hex” button

Calc

And we end up with 3E8, which in hex is 1000: a number greater than 999, and fewer than 4 characters long 🙂

UPDATE (03/03/2015)

Looks like I screwed my hex up! For PHP to read a string as hexadecimal it needs to begin with 0x, so the hex form of 1000 would be 0x3E8, as pointed out by Zirkonix below in the comments. What I actually submitted, 3E8, is parsed as the exponent notation 3e8 (3 × 10^8 = 300,000,000), which is why it still passed: it is numeric, three characters long, and far greater than 999. Note that 0x3E8 itself is five characters, so it would have been rejected by the strlen check anyway. Lesson learned 🙂
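To see all three checks against the candidates discussed on this page (the breakdown above and the 3E8 / 0x3E8 confusion), here is the challenge logic wrapped in a function that can be run offline. This is an added example, not the challenge's own code; the function name symphony_check and the candidate list are my own, and the version notes assume PHP 7 or later.

```php
<?php
// Added example (not the challenge's own code): the three Symphony checks
// wrapped in a function so candidate passwords can be tried offline.
// Assumes PHP 7 or later; on PHP 5, is_numeric() also accepted hex
// strings such as "0x3E8" (which is still 5 characters, so it fails
// the length check either way).

function symphony_check(string $password): string
{
    if (!is_numeric($password)) {
        return 'Password is not numeric';
    }
    if (strlen($password) >= 4) {
        return 'Too long';
    }
    // A numeric string compared with an int is compared as a number,
    // so "3E8" is read as 3e8 = 300000000, not as a hex value.
    if ($password > 999) {
        return 'Flag';            // the real page prints the flag here
    }
    return 'Too little';
}

// Constructed candidates: [password, why it passes or fails].
$candidates = [
    ['1000',  'decimal 1000: numeric, but 4 characters'],
    ['999',   'numeric and short, but not greater than 999'],
    ['077',   'leading zero is still decimal to is_numeric(): 77'],
    ['0x3E8', 'hex 1000: not numeric on PHP 7+, and 5 characters anyway'],
    ['3E8',   'exponent notation 3e8 = 300000000: numeric, 3 chars, > 999'],
    ['1e3',   'exponent notation 1e3 = 1000: also passes'],
];

foreach ($candidates as list($password, $why)) {
    printf("%-6s -> %-24s %s\n", $password, symphony_check($password), $why);
}

// What PHP actually makes of the submitted value.
var_dump('3E8' + 0);           // float(300000000)
var_dump('3E8' == 300000000);  // bool(true)
var_dump('3E8' > 999);         // bool(true)
```

Run it with `php symphony.php`: the 3E8 and 1e3 lines are the ones that reach the flag branch, while 0x3E8 fails on the numeric check (PHP 7+) and would fail the length check even on PHP 5.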

Attempt

Result

Woohoo!! 🙂 Yeah, I know, a nice basic one, but still fun 🙂

-dook

4 thoughts on “Boston Key Party CTF – Symphony Writeup”

  1. Zirkonix

    To enter 1000 in hex, you need to write 0x3E8. Otherwise, it is parsed as a decimal.

    What you wrote is in fact 3 x 10 ^ 8 = 300’000’000.

    Of course, it's larger than 999 so it works, but it's because it's a floating point numeric value, not a hexadecimal integer.

    1. dook Post author

      Ha! Good point, I'm still learning some of this stuff, but you're absolutely right.

      Surprised it even worked on the challenge!
