• Category: Code
  • Points: 80
  • Solves: 66
  • Description:

Description: People say, you’re good at brute forcing… Have fun! Hint: You don’t need to crack the 31. character (newline). Try to think of different (common) time representations. Hint2: Time is CET



After telnet’ing to the given host, we received the following challenge from the server:

Connected to
Escape character is '^]'.
People say, you're good at brute forcing...
Hint: Format is TIME:CHAR
Char 0: Time is 19:53:40, 052th day of 2016 +- 30 seconds and the hash is: f7417f29f9760d97724c6f5c575a26b3dcaf39ef
Nope, that's not the right solution. Try again later!
Connection closed by foreign host.

It was rather obvious that our task was to find a character (CHAR) and the time of hashing (TIME), such that the SHA1 digest of both (TIME:CHAR) was equal to the one given.

The annoying part were the format of the TIME and the timezone (the second hint was only added after we solved the challenge).

Usualy such challenges consist of multiple levels, so we again automated the solving using the beloved pwntools/binjitsu.

Except for the guessing of format (Unix-Timestamp), timezone (CET) and some parsing, the main bruteforcing looked like this:

for offset in range(0, 62):
    for CHAR in string.printable:
        TIME = str(timestamp + offset)
        text = TIME + ':' + CHAR
        if digest == get_SHA(text):
            log.info('Solution: ' + text)
            flag += CHAR

After 31 rounds, we owned the flag:


The whole python code used to solve this challenge can be found on GIST