Are you ready to take on the PicoCTF WebSockFish Walkthrough and have a little fun while you’re at it? In this post, I’m going to walk you through how to beat the notorious WebSockFish chess bot using WebSockets and a sprinkle of strategy.
Let’s get cracking, and don’t worry—this isn’t just another boring, serious tutorial. We’re going to make it light, fun, and hopefully, you’ll be laughing as you outsmart that bot!
Understanding the PicoCTF WebSockFish Challenge
Before you dive into the code, let’s quickly set the stage. The goal of this challenge is simple: beat a chess bot that’s tougher than it looks. The bot isn’t going to hand you the win on a silver platter. It’s up to you to figure out how to communicate with it through WebSockets and play your way to victory.
What’s WebSocket Got to Do with It?
WebSockets are like the cool, real-time chat system between your browser and the server. Unlike HTTP, which is more like sending letters in the mail, WebSockets let you send and receive messages instantly. This is important because you’ll be sending messages to the chess bot in real-time to make your moves.
So, grab your thinking cap, and let’s dive into the code.
Step-by-Step: Cracking the PicoCTF WebSockFish Code
1. Find the WebSocket in the Source Code
First thing’s first—open up the source code. Don’t worry; it’s not as scary as it sounds! You’ll find a WebSocket being created somewhere in there. This WebSocket is your connection to the bot. It’s like your secret communication line, so don’t break it!
When you see the WebSocket being initialized, you know you’ve found the starting point. Take a mental note because you’ll be sending messages through this WebSocket later.
2. The ‘eval’ Function: The Real Star of the Show
This is where the fun begins. In the source code, there’s this thing called the eval function. It sounds fancy, right? But don’t be intimidated! This function is what makes the magic happen. Essentially, it executes the code that gets passed into it. So, it’s kind of like telling the server, “Hey, run this for me, will ya?”
Now, don’t just sit there staring at it. You need to figure out how to send the right messages to win the game. So let’s start with sending a message with the word “mate” in it.
3. Send the Message: ‘mate 100’
Here comes the fun part: sending messages to the bot! In your console, type in this command:
sendMessage("mate 100");
You’ll probably see the message sent, but nothing too exciting will happen. Don’t worry, the real test is yet to come.
4. Try Bigger Numbers: ‘mate 120000000000000000’
Okay, now let’s get fancy. Try sending a much bigger number. What’s the worst that could happen, right?
sendMessage("mate 12000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");
Nothing? Don’t fret! That’s not the key to winning. But it sure makes you feel like you’re doing something impressive.
5. The Game-Changer: ‘eval’
Now, for the magic moment. This is where we switch gears. Instead of just sending “mate,” you’re going to use the eval function. It’s like cracking open a treasure chest—you’re getting closer!
Here’s the secret sauce:
sendMessage("eval 10000");Still nothing exciting? It’s alright; we’re almost there!
6. Try a Really Big Number
Go even bigger. Really big. Something that’ll make even the bot go “whoa, hold up!” Try this:
sendMessage("eval 10000000000000");
At this point, things are starting to get interesting. You should notice some feedback from the bot. It’s like watching a slow-motion car chase, but you’re the one calling the shots.
i try long digits also
sendMessage("eval 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000");but no changes!
7. The Winning Move: Negative Numbers
Here’s where things take a dramatic turn. Instead of huge positive numbers, try negative numbers in the eval function. This is where the real magic happens.
sendMessage("eval -1000000000000000000000000000000000000000000000000000000000");Boom! You’ve cracked the code. The bot resigns, and guess what? You just won the flag.
The Flag: Your Reward
And just like that, after all the WebSocket messages and eval testing, you’ve got the flag:
picoCTF{c1i3nt_s1d3_w3b_s0ck3t5_e5e75e69}Who said hacking had to be all serious? You’ve just outsmarted a chess bot in the most fun way possible!
Conclusion: You Did It!
And there you have it—a simple, step-by-step walkthrough of how to take down the PicoCTF WebSockFish challenge with a little humor along the way. By understanding how WebSockets work and testing the eval function with some fun messages, you’ve unlocked the flag and had a blast while doing it.
Remember, hacking doesn’t always have to be intense—sometimes, it’s about having fun and thinking outside the box.
See you in the next challenge, and don’t forget to keep the fun rolling!
my other blogs
- n0s4n1ty 1 CTF Writeup: Web Exploitation Challenge Walkthrough
- Unlocking the Secrets Information picoCTF Walkthrough
- PHP Shell Command Execution: Gain Shell Access Through URL
- picoCTF heapdump challenge writeup
- PicoCTF Cookie Monster Secret Recipe writeup
- picoCTF IntroToBurp: Web Exploitation
- picoCTF inspect HTML: Web exploitation
- PicoCTF Scavenger Hunt Walkthrough: Flag Hunting Fun!
- PicoCTF Cookies Walkthrough – Crack the Cookie Puzzle Fast!
- PicoCTF Includes Walkthrough – Easy Guide to Finding the Flag
