IceCTF Statistics – 50 Programming

Daniel is strangely good at computing statistics in his head, so instead of a password, a program asks him a series of statistics questions for authentication. Let’s show him how insecure that is. You can access the server with nc vuln2015.icec.tf 9000.

The story here is that Daniel logs in without a password, answering a series of questions instead. If I'm not mistaken, this is similar to the "Choose the Number" problem from SECCON; the difference is that here there are also sum and average questions. With help from Muhammad Abrar Istiadi, we used pwntools to solve this problem in Python.


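from pwn import *
import numpy

r = remote("vuln2015.icec.tf", 9000)

# Round counter, only used for progress output
i = 1

for a in range(0, 200):

    # Read one round: the numbers line, then the question ending in "the numbers:"
    recv = r.recvuntil(b"the numbers:").decode()

    recv = recv.split("\n")

    num = recv[0].strip()   # space-separated integers
    soal = recv[1]          # the question text

    print("[receiving] " + num)
    print("[receiving] " + soal)

    num = [int(x) for x in num.split(" ")]

    answer = 0

    # Pick the statistic based on the keyword in the question
    if "maximum" in soal:
        answer = max(num)
    elif "minimum" in soal:
        answer = min(num)
    elif "average" in soal:
        answer = numpy.average(num)
    elif "sum" in soal:
        answer = numpy.sum(num)

    print("[answer] " + str(answer))
    print("[count] " + str(i))

    i += 1

    r.send((str(answer) + "\n").encode())

# Print whatever the server sends after the last round
print(r.recv(4096).decode())
print(r.recv(4096).decode())
print(r.recv(4096).decode())
print(r.recv(4096).decode())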
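
The round-parsing logic can be checked offline before pointing it at the service. The following is an added example, not part of the original write-up: `solve_round`, the sample rounds and the question wording in them are constructed, and the round layout (numbers line followed by a question line ending in "the numbers:") is an assumption inferred from the script above.

```python
# Added example: offline version of the round parser, no network needed.
import re
from statistics import mean

# Keyword -> function, the same four question types the script above handles.
OPS = {"maximum": max, "minimum": min, "average": mean, "sum": sum}


def solve_round(text):
    """Return (question_kind, answer) for one round of server output.

    Assumed layout: a line of space-separated integers, then a question
    line containing "the numbers:". Earlier lines (for example the reply
    to the previous answer) are ignored.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Locate the question line; the data is the line directly before it.
    q_idx = next((i for i, ln in enumerate(lines) if "the numbers:" in ln), None)
    if q_idx is None or q_idx == 0:
        raise ValueError("no complete round in input")
    question, data = lines[q_idx].lower(), lines[q_idx - 1]
    if not re.fullmatch(r"-?\d+( +-?\d+)*", data):
        raise ValueError("unexpected number line: %r" % data)
    nums = [int(x) for x in data.split()]
    for kind, fn in OPS.items():
        if kind in question:
            return kind, fn(nums)
    # Fail loudly instead of sending a default answer of 0.
    raise ValueError("unknown question: %r" % question)


# Constructed sample rounds (not captured from the real service).
SAMPLE_ROUNDS = [
    "3 9 4 1\nFind the maximum of the numbers:",
    "Correct!\n\n10 20 30\nFind the average of the numbers:",
    "-5 7 2\nFind the sum of the numbers:",
]

if __name__ == "__main__":
    for rnd in SAMPLE_ROUNDS:
        print(solve_round(rnd))
```

Every answer is computed from the challenge text alone, which is why this login scheme authenticates nobody: anyone who can read the question can answer it.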