PicoCTFPicoCTF2026
Identify
diberi sebuah source code :
while(True):
try:
print('⊹──────[ BYTEMANCY-0 ]──────⊹')
print("☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐")
print()
print('Send me ASCII DECIMAL 101, 101, 101, side-by-side, no space.')
print()
print("☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐☉⟊☽☈⟁⧋⟡☍⟐")
print('⊹─────────────⟡─────────────⊹')
user_input = input('==> ')
if user_input == "\x65\x65\x65":
print(open("./flag.txt", "r").read())
break
else:
print("That wasn't it. I got: " + str(user_input))
print()
print()
print()
except Exception as e:
print(e)
breakdimana sudah terlihat jelas bagaimana, untuk menemukan flagnya kita hanya perlu memasukan input \x65\x65\x65 kita bisa menggunakan script ini untuk mengirimkan input agar tidak terencode atau tidak berubah saat dikirim ke server:
from pwn import *
r = remote("HOST", PORT)
r.sendline("\x65\x65\x65")
print(r.recv())script itu juga bisa digunakan untuk soal soal bytemancy 1 & 2, hanya dengan mengganti isi r.sendline() sesuai dengan yang ada di source code.
Solving
bytemancy 0
r.sendline("\x65\x65\x65")❯ python3 pwnsender.py
[+] Opening connection to candy-mountain.picoctf.net on port 50725: Done
/home/han/CTF/tool/pwnsender.py:5: BytesWarning: Text is not bytes; assuming ASCII, no guarantees. See https://docs.pwntools.com/#bytes
r.sendline("\x65\x65\x65") #new line
b'\xe2\x...\n==> picoCTF{pr1n74813_ch4r5_184029cd}\n'
[*] Closed connection to candy-mountain.picoctf.net port 50725bytemancy 1
r.sendline("\x65"*1751)❯ python3 pwnsender.py
[+] Opening connection to foggy-cliff.picoctf.net on port 63584: Done
/home/han/CTF/tool/pwnsender.py:5: BytesWarning: Text is not bytes; assuming ASCII, no guarantees. See https://docs.pwntools.com/#bytes
r.sendline("\x65"*1751) #new line
b"\xe2\x\x8a\xb9\n==> picoCTF{h0w_m4ny_e's???_0c1ad83a}\n"
[*] Closed connection to foggy-cliff.picoctf.net port 63584bytemancy 2
r.sendline(b"\xff\xff\xff")❯ python3 pwnsender.py
[+] Opening connection to lonely-island.picoctf.net on port 52194: Done
b'\xe2\x8a\xb9\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80[ BYTEMANCY-2 ]\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x94\x80\xe2\x8a\xb9\n\xe2\x98\x8d\xe2\x9f\x90\xe2\x98\x89\xe2\x9f\x8a\xe2\x98\xbd\xe2\x98\x88\xe2\x9f\x81\xe2\xa7\x8b\xe2\x9f\xa1\xe2\x98\x8d\xe2\x9f\x90\xe2\x98\x89\xe2\x9f\x8a\xe2\x98\xbd\xe2\x98\x88\xe2\x9f\x81\xe2\xa7\x8b\xe2\x9f\xa1\xe2\x98\x8d\xe2\x9f\x90\xe2\x98\x89\xe2\x9f\x8a\xe2\x98\xbd\xe2\x98\x88\xe2\x9f\x81\xe2\xa7\x8b\xe2\x9f\xa1\xe2\x98\x8d\xe2\x9f\x90\n\nSend me the HEX BYTE 0xFF 3 times, side-by-side, no space.\n
\n\xe2\x98\x8d\xe2\x9f\x90\xe2\x989\n==>picoCTF{3ff5_4_d4yz_f56ee8d7}