Points: 150

Solves: ???

Description:

Come play the hottest new text based dungeon crawler! Yours for a limited time only!

UPDATE: For those who cannot access the VM, this challenge can be accessed via: nc euchlidgoaway.tuctf.com 6662

The MOTD tells you basically everything. Test boundary conditions.

flag format: TUCTF{…}

Solution:

This challenge was both very nice and different from usual ctf challenges. Basically, we have to pwn a buggy (one might say, full of features) text-based game.

We connect to the game by nc euchlidgoaway.tuctf.com 6662 and several options are available:

  • walk around: N, S, W, E
  • rest: R
  • message of the day: MOTD, as well as some other which are not relevant.

They also mention that our level is limited to 255 as we are not admins! So our goal will first become an admin and then go from there. If we try the MOTD option, we are told that we can message the admin and complain about buggy leveling.

However, to do this, our level need to be > 1. So we go hunt for a monster until we are level 2. We can then message the admin and try to up our level. But since we are not admins we cannot get above level 255! Then, we try to pretend we are an admin by logging in as one of the admins names such as scrub.

This actually works and we are now a level 256 admin! And now we get new options in the menu:

  • Teleport: T
  • map: M

we find two new rooms in the map!

  • Admin room: in which we can leave messages for the developpers
  • Developer room: where we can read the messages left

It turns out that you can inject commands in the message board. As such we just do an ls and find that the flag is in flag.txt. After this we just need to leave cat flag.txt in the message board and return to the developers room for our nice flag!