### First eternity

The webpage showed only the text "just wait an eternity". Inspecting the request shows a "Refresh" response header with a huge value and a URL containing a secret code.

![First eternity](https://www.cjxol.com/assets/image/amateursctf-web-writeup/first-eternity.png)

### Another eternity

Visiting the URL in the "Refresh" header shows a page saying "welcome. please wait another eternity.".

Inspecting the request shows that it sets a cookie "time" whose value appears to be the current timestamp, like `1690326049.1573777`. With the cookie set, refreshing the page shows text like "you have not waited an eternity. you have only waited 228.13574051856995 seconds". The time mentioned in the message appears to be the difference between the current timestamp and the timestamp in the cookie.

Setting the cookie to a large value makes the page say that I have only waited a large negative number of seconds. Setting the cookie to a negative value makes it say that I have waited a large number of seconds, but there is still no flag.

The message said to wait an eternity, but how long is an eternity? The internet says the definition of eternity is "[infinite time](https://www.dictionary.com/browse/eternity)", "[time that never ends](https://dictionary.cambridge.org/dictionary/english/eternity)" or "a very long time". Hmm, how long would the website consider to be an eternity? The response header indicates that the web server is gunicorn, so the website is running Python. In Python, a number (except `-inf`) minus `-inf` is `inf`. So, if the cookie value is `-inf`, the number of seconds waited would be `inf`, and the website would consider it to be an eternity.

![Another eternity](https://www.cjxol.com/assets/image/amateursctf-web-writeup/another-eternity.png)

After two eternities, I got the flag:

```
amateursCTF{im_g0iNg_2_s13Ep_foR_a_looo0ooO0oOooooOng_t1M3}
```

#### Speculation

The web server is probably taking the value from the cookie and using `float()` to convert it to a float, so `float('-inf')` would be the float `-inf`. The number of seconds waited is calculated by subtracting the float value from the current timestamp. (Actually, yes, this can be confirmed with the [source code](https://github.com/les-amateurs/AmateursCTF-Public/blob/b9b40a55969e3e1553ed14e66bb460a9370db509/2023/web/waiting-an-eternity/main.py#L18).)
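The pattern speculated about above, next to a hardened form, as an added example (not the challenge's source code and not from the original writeup). The function names, `KEY`, the timestamps and the `is_eternity` check are assumptions; the check is chosen to match what the page observed, where only `-inf` produced the flag.

```python
import hashlib
import hmac
import math

KEY = b"constructed-demo-key"  # assumption: a secret held only by the server

def waited_naive(cookie, now):
    """Pattern described above: float() applied to the raw cookie value."""
    return now - float(cookie)

def issue_cookie(now):
    """Hardened: bind the timestamp to a MAC so the client cannot edit it."""
    ts = repr(now)
    tag = hmac.new(KEY, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{tag}"

def waited_hardened(cookie, now):
    """Return elapsed seconds, or None if the cookie is forged or malformed."""
    ts, _, tag = cookie.rpartition(".")
    expected = hmac.new(KEY, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    try:
        start = float(ts)
    except ValueError:
        return None
    # Defence in depth: float() also accepts "inf", "-inf" and "nan".
    if not math.isfinite(start) or start > now:
        return None
    return now - start

def is_eternity(seconds):
    """Assumed server check: only an infinite wait counts as an eternity."""
    return seconds is not None and seconds == math.inf

if __name__ == "__main__":
    now = 1690326277.0  # constructed timestamp
    for value in ["1690326049.0", "-inf", "nan"]:  # constructed cookie values
        naive = waited_naive(value, now)
        print(value, "naive:", naive, is_eternity(naive),
              "hardened:", waited_hardened(value, now))
    print("signed:", waited_hardened(issue_cookie(1690326049.0), now))
```

Keeping the start time in server-side session state removes the client-controlled value altogether; the MAC is the option when the value has to live in a cookie.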

Original writeup (https://www.cjxol.com/posts/amateursctf-web-writeup/#wait-an-eternity).