CAMSCTF CCTF 2015: Web B (Exploitation) Write-up

Description:

"Time is what we want most, but what we use worst." - William Penn

Solution:

          Target: http://web.camsctf.com/b/

          Intercept http request with Burp Suite.

          debug=0 ?, try to change debug to 1

          Base64 decode and get a start time and end time.

          "Time", then I see this word, I think It must about Side-channel attack, and my solution below.

          password=uHH>nN#)[Ks5v:E&debug=1 to get the flag. :D

Flag: {how_many_microseconds_did_i_waste_solving_this_0ne}