https://app.hackthebox.com/challenges/445

Description

Whatever you do, don’t fall asleep… In dream land, math works a little differently. A quiz is coming up. If you fail in your sleep, you fail in real life!

Exploitation

#!/usr/bin/env python3
from pwn import log, remote, sys

def main():
    if len(sys.argv) != 2:
        log.error(f'Usage: python3 {sys.argv[0]} <ip:port>')
    host, port = sys.argv[1].split(':')
    r = remote(host, int(port))
    prog = log.progress('Round')
    for i in range(500):
        r.recvuntil(b']: ')
        operation = r.recvline()[:-5].decode()
        result = eval('(' + operation.replace(' * ', ') * (') + ')')  
        r.sendlineafter(b'> ', str(result).encode())
        prog.status(f'{i + 1} / 500')
    prog.success(f'500 / 500')
    log.success(r.recvline().decode().strip())

if __name__ == '__main__':
    main()

Summary

A Nightmare On Math Street: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.