We found sorandom.py running at shell2017.picoctf.com:42263. It seems to be outputting the flag but randomizing all the characters first. Is there any way to get back the original flag?
How does this code work? First it opens the flag file and reads its content, then it loops over every letter in the flag string. Three 'if' statements check whether the letter is lowercase, uppercase or a digit and, depending on the result, add a random number to the ASCII value of the letter. The random generator is first seeded with the word "random", which means that every time the code starts running it produces the same sequence of values and therefore the same output.
We can crack it simply by reversing the scheme and subtracting those values. But first, let's connect to the server to get the encrypted flag.
Now we can change the code.
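And lastly, let's run this code once again on our local computer. Remember to use Python 2! Python 3 turns the same string seed into a different sequence of random numbers, so the subtracted values would not match the ones the server added.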
Here we go.
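The scheme and its reversal in one runnable sketch, added here as an illustration; it is not the challenge's sorandom.py or the solver used in this post. The offset ranges (26 for letters, 10 for digits), the wrap-around within each character class and the sample string are assumptions.

```python
import random

SEED = "random"  # the seed word named in the write-up


def _shift(text, sign, seed=SEED):
    """Replay the seeded PRNG and rotate each character by sign * offset."""
    rng = random.Random(seed)  # private generator: same seed, same offsets
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            base, size = ord("a"), 26   # assumed range for letters
        elif "A" <= ch <= "Z":
            base, size = ord("A"), 26
        elif "0" <= ch <= "9":
            base, size = ord("0"), 10   # assumed range for digits
        else:
            out.append(ch)              # passes through, no PRNG draw consumed
            continue
        offset = rng.randrange(size)
        out.append(chr((ord(ch) - base + sign * offset) % size + base))
    return "".join(out)


def scramble(plain, seed=SEED):
    """What the server side does: add the PRNG offsets."""
    return _shift(plain, +1, seed)


def unscramble(cipher, seed=SEED):
    """The reversal: same seed, same draw order, offsets subtracted."""
    # Rotation keeps every character in its class (lower/upper/digit), so the
    # decoder takes the same branches and consumes the draws in the same order.
    return _shift(cipher, -1, seed)


if __name__ == "__main__":
    sample = "FLAG:constructed_Sample_123"  # constructed, not the real flag
    enc = scramble(sample)
    print("scrambled:  ", enc)
    print("unscrambled:", unscramble(enc))
```

Because both directions run in the same interpreter here, the round trip works on any Python version; decoding the server's actual output still requires the interpreter generation the server used.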