picoCTF 2022 | RPS Write-up

Challenge description

Here’s a program that plays rock, paper, scissors against you. I hear something good happens if you win 5 times in a row. Connect to the program with netcat:

$ nc saturn.picoctf.net 53865

The program’s source code with the flag redacted can be downloaded here.

Category: Binary Exploitation

Solution

Since this is a binary exploitation challenge with the source code provided, I like to quickly scan over that first. A few things stood out.

We need 5 wins for the flag; losing resets the “wins” counter
How the RPS game works

The user can input anything. That input is compared with the computer’s choice, which is a hand picked at random from the loses set. If you simply choose rock, paper, or scissors, you’ll have to rely on sheer luck to win 5 times in a row, which is rather unrealistic.

So instead, let’s cheat! Since there is no limit on what the user can input, nothing prevents us from using rock, paper, AND scissors in the same input. That guarantees the computer loses no matter what it picks.

Here are some examples:

5 quick wins and the flag is ours!
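
The flaw described above, as an added example rather than the challenge's own source: it assumes the program decides a win by searching the player's input for the winning hand as a substring, and sets that beside an exact-match check that closes the hole. The function names and the layout of the loses table are assumptions made for this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed table for this example: loses[i] is the hand that beats choice i
   (0 = rock, 1 = paper, 2 = scissors). */
static const char *loses[] = {"paper", "scissors", "rock"};

/* Weak check: a win if the winning hand appears anywhere in the input. */
bool wins_substring(const char *input, int computer_turn) {
    return strstr(input, loses[computer_turn]) != NULL;
}

/* Hardened check: the input must be exactly the winning hand,
   with nothing else on the line except the line ending. */
bool wins_exact(const char *input, int computer_turn) {
    const char *want = loses[computer_turn];
    size_t len = strcspn(input, "\r\n");        /* text before the line ending */
    size_t eol = strspn(input + len, "\r\n");   /* the line ending itself */
    if (input[len + eol] != '\0') return false; /* extra data after the first line */
    return len == strlen(want) && strncmp(input, want, len) == 0;
}

/* How many of the three possible computer choices does this input beat? */
int count_wins(bool (*check)(const char *, int), const char *input) {
    int n = 0;
    for (int turn = 0; turn < 3; turn++)
        if (check(input, turn)) n++;
    return n;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = {"rock\n", "rockpaperscissors\n", "lizard\n"};
    for (int i = 0; i < 3; i++) {
        char shown[32];
        snprintf(shown, sizeof shown, "%.*s",
                 (int)strcspn(samples[i], "\n"), samples[i]);
        printf("%-18s substring: %d/3  exact: %d/3\n", shown,
               count_wins(wins_substring, samples[i]),
               count_wins(wins_exact, samples[i]));
    }
    return 0;
}
```

With the exact-match check, any single input beats at most one of the three computer choices, so five wins in a row is back to being a matter of luck.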
