CatStep

Search…
CatStep
Description
Greeting human!
We want to play a game with you. The mission is simple: you need to guess our flag, that’s all. We use an algorithm to determine the similarity of strings.
Solution
The server accepts a guess, and calculates the Levenshtein distance between our guess and the flag.
We can think of the Levinshtien distance as the minimum number of single-character
Insertions,
Deletions, or
Substitutions
required to change our guess to the flag.
We can simply start off with the guess spbctf{<28 spaces>}. Since we know the space character will never be part of the flag, the Levenshtien distance simplifies to the number of wrong characters in our guess.
This allows us to bruteforce the flag.
1
import requests
2
import string
3
import json
4
​
5
alphabet = string.ascii_letters + string.digits + '_{}'
6
​
7
flag = 'spbctf{'
8
​
9
done = False
10
i = 0
11
target_dist = 27
12
while not done:
13
​
14
    for char in alphabet:
15
​
16
        print(flag + char + ' ' * (27 - i) + '}')
17
        
18
        r = requests.post('https://cat-step.disasm.me/',{
19
            'flag': flag + char  + ' ' * (27 - i) + '}'
20
        })
21
​
22
        dist = json.loads(r.text)
23
        print(dist)
24
        if dist['length'] == target_dist:
25
            break
26
    
27
    flag += char
28
    print(flag)
29
    target_dist -= 1
30
​
31
    i += 1
Copied!
BLT
Next - 2021
Asian Cyber Security Challenge (ACSC) 2021
Last modified 1mo ago
Copy link
Contents
Description
Solution