Unlike Aplet123, Aplet321 might give you the flag if you beg him enough.
Files: Dockerfile and binary
Opening the file in ghidra we can make some guesses about the decompiled code and get the following snippet:
setbuf(stdout,(char *)0x0);
puts("hi, i\'m aplet321. how can i help?");
fgets(&input,0x200,stdin);
input_length = strlen(&input);
if (input_length < 5) {
return 0;
}
two = 0; // How many times we say "pretty"
one = 0; // How many times we say "please"
pcVar1 = &input;
// This seems to count how many times "pretty" and "please" appear in our input
do {
has_pretty = strncmp(pcVar1,"pretty",6);
one = one + (uint)(has_pretty == 0);
has_pretty = strncmp(pcVar1,"please",6);
two = two + (uint)(has_pretty == 0);
pcVar1 = pcVar1 + 1;
} while (pcVar1 != acStack_237 + ((int)input_length - 6));
if (two != 0) {
pcVar1 = strstr(&input,"flag");
if (pcVar1 == (char *)0x0) {
puts("sorry, i didn\'t understand what you mean");
return 0;
}
// Condition to get the flag
if ((one + two == 54) && (one - two == -24)) {
puts("ok here\'s your flag");
system("cat flag.txt");
return 0;
}
puts("sorry, i\'m not allowed to do that");
return 0;
}As we can see in the code, it is counting the number of times we say pretty and please. We just need to say them the right amount of times.
The condition we need to meet is (one + two == 54) && (one - two == -24) and to meet this we will need to say pretty 15 times and please 39 times.
We also need to say "flag" so we will add that at the end, making our submission:
pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please flag
Lets go try it out:
pwn:~$ nc chall.lac.tf 31321
hi, i'm aplet321. how can i help?
pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty pretty please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please please flag
ok here's your flag
lactf{next_year_i'll_make_aplet456_hqp3c1a7bip5bmnc}