warsaw's Sorting Server CTF

Download sortingserver.zip, 2 kb (password: crackmes.de)

This is a server which is designed to sort numbers for people. However, it contains a subtle design flaw which allows recovery of the secret flag.

Your goal is to figure out a way to steal the flag by interacting with the server remotely.

Difficulty: 4 - Needs special knowledge
Platform: Multiplatform
Language: Python

Published: 20. Apr, 2013
Downloads: 189

Rating

Votes: 3
Crackme is quite bad.

Solutions

There are no solutions to this crackme yet.

Discussion and comments

menessy
01. May 2013
Would the author post the solution?
warsaw
Author
18. Aug 2013
Hint: It's not a timing attack. There's a much easier way to do it.
phueghy
19. Aug 2013
I can't even get it to start as it states an error:

File "sortingserver.py", line 111
return {k:v[0] for k,v in params.items()}
^
SyntaxError: invalid syntax

Am I using a wrong python version or is it not supposed to be run via "python sortingserver.py"?
warsaw
Author
27. Aug 2013
You're probably using Python 2.6. You need 2.7.
warsaw
Author
27. Aug 2013
You'll also need to supply your own flag.txt, of course.
phueghy
04. Sep 2013
As you stated, it isn't a timing attack, so I am somewhat lost. The only interaction possible is via the sorting algorithm. It chooses the same pivots every time, but as there is no other output than the sorted list, I have no idea as to how to guess the seed of the pivot random number sequence.
warsaw
Author
22. Oct 2013
Hint: Why is recursion problematic in Python?
syspher
27. May 2015
The goal is to get the message: Correct! ?
andrewl.us
Moderator
27. May 2015
The goal is to access the server in such a way that the integer key (in flag.txt) is revealed, no matter what value it is.

Example queries are given in the Python comments.

Your solution should contain the magic query and an explanation of how it was derived.
Extreme Coders
29. May 2015
By providing a specially crafted input it is possible to overflow the recursion, but how this affects revealing the key has yet to be explored.

Note: I am not talking about inputting an insanely large list of numbers ;)
