Duck Hunter
Stage 001
BRIEFING
Feeling like good ole fashion duck hunt?
Connect: nc duckhunt.pwn.site 4354
Select Level 1
Work/Solution
flag{sH0ot_D3m_dUck5}
Stage 002
flag{dUcK_5n1p3R}
Python code for both stages:
import socket,time
# Module-level IPv4/TCP socket. setup() creates its own local socket and the
# __main__ block rebinds this name to the one setup() returns.
s = socket.socket(family=socket.AF_INET, type=socket.SOCK_STREAM)
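def setup():
    """Open a TCP connection to the challenge service and return the socket.

    The first chunk the service sends (at most 4096 bytes) is read and
    discarded before the socket is handed back.

    Returns:
        The socket object. If connecting or the first read fails, 'error' is
        printed and the socket is returned anyway, so the failure surfaces
        again at the caller's next send()/recv().
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect(('duckhunt.pwn.site', 4354))
        # The first chunk is read only to consume it; its content is unused.
        s.recv(4096)
        time.sleep(0.1)
    except OSError:
        # Handle network failures only: a bare ``except`` would also swallow
        # KeyboardInterrupt and SystemExit and report them as 'error'.
        print('error')
    # NOTE(review): no timeout is set on the socket in this function, so a
    # peer that accepts the connection and stays silent blocks recv() above.
    return s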
def picklevel1(s):
    """Send the menu choice ``1`` and return the service's raw reply.

    Args:
        s: connected socket (anything exposing ``send`` and ``recv``).

    Returns:
        The bytes returned by one ``recv(4096)`` call.
    """
    choice = b'1\n'
    s.send(choice)
    # Brief pause before reading, presumably so the whole reply has arrived;
    # a single recv() returns at most 4096 bytes of whatever is buffered.
    time.sleep(0.1)
    reply = s.recv(4096)
    return reply
def picklevel2(s):
    """Send the menu choice ``2`` and return the service's raw reply.

    Args:
        s: connected socket (anything exposing ``send`` and ``recv``).

    Returns:
        The bytes returned by one ``recv(4096)`` call.
    """
    choice = b'2\n'
    s.send(choice)
    # Brief pause before reading, presumably so the whole reply has arrived;
    # a single recv() returns at most 4096 bytes of whatever is buffered.
    time.sleep(0.1)
    reply = s.recv(4096)
    return reply
def answer(gridY, duck):
    """Locate the ``duck``-th 'X' in the grid and format its coordinates.

    Cells are scanned row by row from the first row, left to right, and every
    cell equal to 'X' increments a running count.

    Args:
        gridY: list of rows, each row a list of cell strings.
        duck: 1-based ordinal of the wanted 'X'; anything ``int()`` accepts.

    Returns:
        The string "(x,y)", where x is the column index and y is
        ``25 - row_index - 1`` (row 0 maps to y = 24), or None when the scan
        finishes without the count reaching ``duck``.
    """
    wanted = int(duck)
    seen = 0
    for row_index, row in enumerate(gridY):
        for col_index, cell in enumerate(row):
            if cell == 'X':
                seen += 1
            # The comparison runs after every cell, not only after an 'X'.
            if seen == wanted:
                return "({},{})".format(col_index, 25 - row_index - 1)
def hunt(s, grid, duck):
    """Fire one shot at the requested duck and return the service's reply.

    Args:
        s: connected socket.
        grid: list of text lines; the first 25 are used as grid rows.
        duck: ordinal of the duck to hit, passed through to ``answer``.

    Returns:
        The bytes returned by one ``recv(4096)`` call after the shot is sent.
    """
    # Each row is split on single spaces and the last piece is dropped
    # (presumably an empty string left by a trailing space - verify against
    # the service output).
    rows = [grid[n].split(' ')[:-1] for n in range(25)]
    shot = answer(rows, duck)
    print(shot)
    # The coordinates are sent exactly as formatted, with no newline appended.
    s.send(shot.encode())
    time.sleep(0.1)
    return s.recv(4096)
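if __name__ == '__main__':
    # NOTE(review): the listing on the page lost its indentation. The nesting
    # below (first 'Duck no' check inside the level-2 branch) is a
    # reconstruction - confirm against the author's original script.
    s = setup()
    try:
        result = ''
        duck = 1  # used when the reply carries no 'Duck no' line
        if input("1 or 2? ") == "1":
            grid = picklevel1(s).decode('utf-8')
            # Replies come from the remote service and are echoed unmodified.
            print(grid)
            grid = grid.split('\n')[-26:]
        else:
            grid = picklevel2(s).decode('utf-8')
            print(grid)
            grid = grid.split('\n')[-27:]
            if 'Duck no' in grid[0]:
                # Third space-separated field of the header names the target.
                duck = grid[0].split(' ')[2]
                grid = grid[1:]
        # Drop the last line of the reply so only grid rows remain.
        grid.pop(-1)
        while 'flag{' not in result:
            result = hunt(s, grid, duck).decode('utf-8')
            print(result)
            if 'You Missed' in result:
                break
            grid = result.split('\n')[-27:]
            if 'Duck no' in grid[0]:
                print(grid[0])
                duck = grid[0].split(' ')[2]
                grid = grid[1:]
            # Both branches of the original ended by removing the last line.
            grid.pop(-1)
    finally:
        # Release the connection on every exit path, including a parse error
        # on an unexpected reply.
        s.close()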