Rating:

Fairly straightforward hash length extension attack using hashpumpy - and a bit of Python brute forcing to determine the key length.

https://advancedpersistentjest.com/2018/05/21/writeups-sign-cpushop-cats-rctf-part-1/

Original writeup (https://advancedpersistentjest.com/2018/05/21/writeups-sign-cpushop-cats-rctf-part-1/).