$ cat writeup.md…
$ cat writeup.md…
hackthebox
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
"How fast can you keep score?"
A TCP service at 154.57.164.67:31990 runs a dice game with 100 rounds. Each round, 8-13 players roll dice (increasing count per round). You must identify the winner (highest sum, ties broken by last player) within 0.3 seconds.
Examining the challenge source code reveals the game mechanics:
player_nr = random.randint(8, 13) — random number of players (8-13)rnd has dice_nr = rnd * 2 + 2 dice per player (increasing each round)random.randint(1, 6)sorted(dice_sum.items(), key=lambda x:x[1])[-1][0][1].split('_')[1]time.sleep(0.1) per player line and time.sleep(0.05) before "Who wins"start = time.time() answer = input('> ') if time.time() - start > timeout: # timeout = 0.3 print("Mate... your are too slow!") return False
The key insight is that the 0.3s timer starts when time.time() is called BEFORE input(). If our answer is already in the TCP receive buffer when input() executes, it returns instantly, making time.time() - start ≈ 0.
...
$ grep --similar