Difficulty
baby
Categories
crypto
Description
This authentication system generates a random token for access. The token is different each time you load the page. Can you predict what token the system will generate?
Author
xnull
Service
Challenge has a remote instance.

Scenario

We need to supply a 6-digit code and get the timestamp used for a seed.

Solution

If we’re fast enough, we can just reuse the previous timestamp:

import random
import requests
import re
from pwn import *
import sys

URL=sys.argv[1]
with requests.Session() as sess:
    u = sess.get(URL)
    ts = int(re.search("Token generated at timestamp: <strong>(.*)</strong>", u.text).group(1))
    success(f"Seed: {ts}")
    random.seed(ts)
    token = random.randint(100000, 999999)
    success(f"Token: {token}")
    q = sess.post(f"{URL}/verify", data={"token": token})
    flag = re.search('<p class="flag">(.*)</p>', q.text).group(1)
    success(f"Got flag: {flag}")
# [+] Seed: 1772404421
# [+] Token: 770535
# [+] Got flag: dach2026{njksdnfskdnfksdf_see_this_is_random_0a919c2c881b}

Flag:

dach2026{njksdnfskdnfksdf_see_this_is_random_0a919c2c881b}