CatStep

Description

Greeting human!
We want to play a game with you. The mission is simple: you need to guess our flag, that’s all. We use an algorithm to determine the similarity of strings.

Solution

The server accepts a guess, and calculates the Levenshtein distance between our guess and the flag.
We can think of the Levinshtien distance as the minimum number of single-character
  • Insertions,
  • Deletions, or
  • Substitutions
required to change our guess to the flag.
We can simply start off with the guess spbctf{<28 spaces>}. Since we know the space character will never be part of the flag, the Levenshtien distance simplifies to the number of wrong characters in our guess.
This allows us to bruteforce the flag.
1
import requests
2
import string
3
import json
4
​
5
alphabet = string.ascii_letters + string.digits + '_{}'
6
​
7
flag = 'spbctf{'
8
​
9
done = False
10
i = 0
11
target_dist = 27
12
while not done:
13
​
14
for char in alphabet:
15
​
16
print(flag + char + ' ' * (27 - i) + '}')
17
18
r = requests.post('https://cat-step.disasm.me/',{
19
'flag': flag + char + ' ' * (27 - i) + '}'
20
})
21
​
22
dist = json.loads(r.text)
23
print(dist)
24
if dist['length'] == target_dist:
25
break
26
27
flag += char
28
print(flag)
29
target_dist -= 1
30
​
31
i += 1
Copied!
Copy link