picoCTF General Skills Guide

here's how to solve Binary Search

Back to the General Skills Guides

Binary Search

Description: Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You'll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools! You can download the challenge files here: challenge.zip ssh -p 65215 ctf-player@atlas.picoctf.net Using the password 1db87a14. Accept the fingerprint with yes, and ls once connected to begin. Remember, in a shell, passwords are hidden!
Author: Jeffery John
Tags: Easy, General Skills, picoCTF 2024, shell, browser_webshell_solvable, ls
Hints: 1. Have you ever played hot or cold? Binary search is a bit like that. 2. You have a very limited number of guesses. Try larger jumps between numbers! 3. The program will randomly choose a new number each time you connect. You can always try again, but you should start your binary search over from the beginning - try around 500. Can you think of why?
Files: challenge.zip

Theory

According to the description, to get the flag we have to play a fun number guessing game, where we have ten attempts to guess a number between one and a thousand, but don't worry about the amount of possibilities, because it would be pretty unfair if it was just that, so the game is going to tell us if we're either too low or too high, which if we look in the zip file that has the code of the little game, we can confirm this usage. Anyway, that way, mathematically speaking if we divide the numbers perfectly in half throughout all the ten attempts, we will get the correct number each time, you can do this in a calculator using the formula for the average. Also if you want to try it out on the web, I made an HTML version on CodePen here.

Solution

So, if we follow the strategy from theory after logging in with the details from the description after starting the session. For example, at the end I got the number 942. The number will be different for you since it's random, so just divide by half each time to guarantee the flag:

shukularuni-picoctf@webshell:~$ ssh -p 62207 ctf-player@atlas.picoctf.net
ctf-player@atlas.picoctf.net's password: 1db87a14
Welcome to the Binary Search Game!
I'm thinking of a number between 1 and 1000.
Enter your guess: 500
Higher! Try again.
Enter your guess: 750
Higher! Try again.
Enter your guess: 875
Higher! Try again.
Enter your guess: 937
Higher! Try again.
Enter your guess: 968
Lower! Try again.
Enter your guess: 952 
Lower! Try again.
Enter your guess: 945
Lower! Try again.
Enter your guess: 941
Higher! Try again.
Enter your guess: 943        
Lower! Try again.
Enter your guess: 942
Congratulations! You guessed the correct number: 942
Here's your flag: picoCTF{g00d_gu355_1597707f}
Connection to atlas.picoctf.net closed.

The SSH closes after that, and there we go! That's the flag.

https://play.picoctf.org/practice/challenge/442

Explore My Website