M0Lecon 2021

Key-Lottery

Solved by: Taz34

We have a simple website which asks for Keys and gives a set of rule. “Keys should be sent as comma separated string of key guesses. Letters and digits only. No spaces.” We also have an attachment server.py

Now first we tried many diffrent chars like $,% etc, but we got an error

In the attachment file we see: “/guess?keys=key0,key1,key2” here we know that we need 3 keys.

After entering many different combination of inputs, we thought of using just comma as input. At first we entered a single comma we got:

Now i though of giving 3 comma’s as input, as we have 3 keys:

And we got:

that looks like a character set. So i tried using this a the input with 3 comma’s so as to complete the requirement:

And here we have the flag: