# UNIWA 2021 CTF: Fast Calculator Writeup

Category: Misc

Points:100

Made by: Fuzzer

**Disclaimer**This is my first writeup for a ctf. You have been warned.

**Intro**We are given a url and a port. After first trying to ssh without luck, I tried netcat. Worked. From the challenge’s overview we get this:

To solve this challenge you need to think really fast.

**Solving the challenge**

So, after connecting we are greeted with this message:

I immediately thought, that this needs a scripting solution.

But wanted to be sure. So I first tried giving the server the correct answer, then a false one.

Two things to note here: First, the calculations are multiplication, division, subtraction and addition . Second, no matter how many times you restart the server, the calculations are given in the exact same order. They are not random. So, again this points to scripting.

I tried giving it a big string to see how it will handle it, but just errored out.

So off to scripting we go. I chose Node.js as at the time of this write-up, I use it daily and I am most comfortable with it.

I used the netcat module for connecting to the server and exchanging data. Never used it before but its documentation is pretty straight forward. I also used a module called StringMath to perform the actual math operations.

**Struggles**

I had to run the program a couple of times as the calculations were somewhat 200 and my script errored two times near the end of the challenge. First it doesn’t accept decimals, so I had to use *Math.floor*. Second, if the number is 0<Calc_Result<1, the accepted result given to the server is only **0**.

**Final Script**

**Code Explanation**

Although pretty basic, here are some notes on the code.

With connect().on(‘data’), the function is activated every time we receive a message via netcat from the server. We use *utf8* encoding as otherwise we get bytes of data. I first check if the message contains the **UNIWA** chars, which were the starting chars of every flag. The success message was put after the challenge was done, just so I get the complete flag message.

First, I added an **if** for the *Answer: *part cause it was actually sent as a seperate message after the calculation.

With some regex, I removed the newline character from the given calculation.

After that, I pass the string which contained the calculation over to **StringMath** and I get an int with the result. I added the **if **statement I talked early for sending 0 if the number was between 0 and 1 and I also floored the number as in the division calculation it only accepted numbers included in ** Z**.

I finally convert the int to string and send it back.

**Final Result**

Here is the script in action:

And here is after one minute and countless calculations, the successful result:

**UNIWA{H0p3_y0u_scr1pt3d_th1s}**

Indeed we scripted this.

**Conclusion**

Had a lot of fun this weekend with the UNIWA CTF. Thanks to the guys that organized this. **Fast Calculator **was by far my favourite (and perhaps one of the easiest) challenge from this CTF.

Thanks for reading.