the flag is being padded with the users input starting from the back, this lets us attempt to guess one character at a time untill the hashes match, then we know that the character is correct

flagflagflagflag <- user input start padding from this direction overwriting the flag if long enough...
flag----------------

we get the next hast by removing the number of padding charater we have solved +1then brute force the hash with the known charaters and the brute force character
{known}+{guess}+{remaining padding}

```
from pwn import *
import string

printable = string.ascii_letters + string.digits + string.punctuation

print printable
host = 'chal1.swampctf.com'
port = 1450

def sg(r,sending):
r.send(sending + '\n')
return r.recvline()

pad_len = 48
solve_cnt = 0
pos = 1
solved = ''
final = ''

r = remote(host,port)
notMatched= True

#get hash we need to match
teststr = "="*(pad_len-pos)
print teststr
match_hash = sg(r, teststr)
print match_hash

while True:
curpad = '-'*(pad_len - pos)
print "getting hash for {}".format(curpad)
h = sg(r,curpad)
print h #match this!
while notMatched:
for guess in printable:
gs = solved + guess + curpad
print "checking: {}".format(gs)
g = sg(r,gs)
print g,
if h == g:
notMatched = False
break
#exit()
solved = solved + guess
pos += 1
notMatched = True
print solved

```
flag: flag{rem3mber_the_pic_of_tux_aes_3ncrypted}

note: the script will keep running on the last character..