Duck Hunter

Stage 001

BRIEFING

Feeling like good ole fashion duck hunt?

Connect: nc duckhunt.pwn.site 4354

Select Level 1

Work/Solution

flag{sH0ot_D3m_dUck5}

Stage 002

flag{dUcK_5n1p3R}

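Python code for both stages (the script connects, selects the level, then repeatedly finds the requested duck's 'X' in the 25-row grid and replies with its (x,y) coordinates until the server returns the flag or reports a miss):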

import socket,time
# Module-level placeholder socket. It is never connected in this script:
# setup() creates its own socket and the __main__ block rebinds `s` to it.
s = socket.socket(family=socket.AF_INET, type=socket.SOCK_STREAM)

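def setup():
    """Open a TCP connection to the challenge server and return the socket.

    The first chunk the server sends (presumably the menu banner) is read
    and discarded so that later recv() calls start at the level prompt.

    Returns:
        The socket object. If connecting or the first read fails, 'error'
        is printed and the socket is still returned, unconnected or
        half-initialised, so the caller's next send/recv will raise.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect(('duckhunt.pwn.site', 4354))
        # Drain the initial server output; its content is not used.
        s.recv(4096)
        time.sleep(0.1)
    except OSError:
        # Only network-level failures (DNS, refused, reset, timeout) are
        # reported here; KeyboardInterrupt/SystemExit and programming
        # errors are no longer swallowed as they were by a bare `except:`.
        print('error')
    return s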

def picklevel1(s):
    """Select level 1 on the server menu and return the raw reply bytes.

    Sends the character 1 followed by a newline, pauses 0.1 s to give the
    server time to respond, then returns the result of one recv(4096).

    NOTE: TCP does not guarantee that a single recv() holds the complete
    reply; the fixed sleep is a timing assumption, not a framing protocol.
    """
    choice = b'1\n'
    s.send(choice)
    time.sleep(0.1)
    reply = s.recv(4096)
    return reply

def picklevel2(s):
    """Select level 2 on the server menu and return the raw reply bytes.

    Sends the character 2 followed by a newline, pauses 0.1 s to give the
    server time to respond, then returns the result of one recv(4096).

    NOTE: TCP does not guarantee that a single recv() holds the complete
    reply; the fixed sleep is a timing assumption, not a framing protocol.
    """
    choice = b'2\n'
    s.send(choice)
    time.sleep(0.1)
    reply = s.recv(4096)
    return reply

def answer(gridY, duck):
    """Return the coordinates of the duck-th 'X' in the grid as "(x,y)".

    Cells are scanned row by row, left to right, counting every cell equal
    to 'X'. When the running count equals int(duck), the current cell's
    column index becomes x and the row index i is flipped to y = 25 - i - 1
    (the grid height of 25 is hard-coded).

    Args:
        gridY: list of rows, each row a list of cell strings.
        duck: 1-based ordinal of the wanted duck; anything int() accepts.

    Returns:
        The string "(x,y)", or None when the grid holds fewer than
        int(duck) 'X' cells. With duck == 0 the very first cell matches.
    """
    wanted = int(duck)
    seen = 0
    for row_idx, row in enumerate(gridY):
        for col_idx, cell in enumerate(row):
            if cell == 'X':
                seen += 1
            # Checked on every cell, exactly like the counter comparison
            # in a plain nested loop; it first becomes true on the X cell
            # that brings the count up to `wanted`.
            if seen == wanted:
                return "({},{})".format(col_idx, 25 - row_idx - 1)

def hunt(s, grid, duck):
    """Shoot at the requested duck and return the server's raw reply.

    The first 25 entries of `grid` (text lines) are split on single spaces,
    dropping the last piece of each line, and handed to answer() together
    with `duck`. The resulting "(x,y)" string is printed, sent to the
    server, and after a 0.1 s pause one recv(4096) is returned as bytes.

    Raises IndexError if `grid` has fewer than 25 lines, and AttributeError
    if answer() finds no matching duck and returns None.
    """
    rows = [grid[line_no].split(' ')[:-1] for line_no in range(25)]
    shot = answer(rows, duck)
    print(shot)
    s.send(shot.encode())
    time.sleep(0.1)
    return s.recv(4096)

if __name__ == '__main__':
    # Interactive driver: connect, choose a level, then keep shooting until
    # the reply contains a flag or the server reports a miss.
    s = setup()
    duck = 1  # default target when the server names no duck number

    # Level 1 keeps the last 26 lines of the reply, level 2 the last 27
    # (presumably one extra 'Duck no' header line - confirm against the
    # server output).
    if input("1 or 2? ") == "1":
        fetch_level, tail = picklevel1, -26
    else:
        fetch_level, tail = picklevel2, -27
    banner = fetch_level(s).decode('utf-8')
    print(banner)
    grid = banner.split('\n')[tail:]

    if 'Duck no' in grid[0]:
        # Third space-separated token of the header is the duck ordinal.
        duck = grid[0].split(' ')[2]
        grid = grid[1:]
    grid.pop(-1)  # drop the trailing line after the grid

    result = ''
    while 'flag{' not in result:
        result = hunt(s, grid, duck).decode('utf-8')
        print(result)
        if 'You Missed' in result:
            break
        # Re-parse the next round's grid from the tail of the reply.
        grid = result.split('\n')[-27:]
        header = grid[0]
        if 'Duck no' in header:
            print(header)
            duck = header.split(' ')[2]
            grid = grid[1:]
        grid.pop(-1)