Sunday, 31 January 2016


Maybe, someone heard about root-me challenge. I have written exploit to the first Programming challenge and I would like to present the exploit. For me, this challenge requires basic programming skills.


To start the challenge using IRC, you must send a private message to bot Candy : !ep1. The bot replies with a message in private with a string like this:
- You must calculate the square root of the number n°1 and multiply the result by the number n°2.
- Then you need to round to two decimals.
- You have 2 seconds to send the correct answer from the time the bot gets the message !ep1
- If the bot does not respond, then you have been banned. Just wait a few minutes.
- The answer must be sent as :
!ep1 -rep <answer>.
import socket
import math

 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.send('NICK foo\r\n')
 print s.recv(1024000)
 s.send('USER foo 0 * :Real Name\r\n')
 print s.recv(1024000)
 s.send("JOIN #root-me_challenge\r\n")
 print s.recv(20140000)
 message = s.send("PRIVMSG Candy !ep1\r\n")
 answer = s.recv(128).split(' :')[1].replace(' ','')
 first = math.sqrt(float(answer.split("/")[0]))
 second = answer.split("/")[1].strip('\n')
 res = first * int(second)
 print "{li:.2f}".format(li = res)
 s.send('PRIVMSG Candy !ep1 -rep ' + str("{li:.2f}".format(li = res)) + "\r\n")
 print s.recv(1024000)
 print "Connection closed"

except Exception,e:
 print e