# Binary Exploitation with Time Guessing

Last modified: 2023-03-01

## Investigation

```
./example
Guess the number: 1111
You losed. The correct answer is 1475693029
Guess the number: 12345678
You losed. The correct answer is 8246712747
```

If a binary asks us to guess a time-based number (or the current time itself), we can bypass the check by using a pipe on the command line.

## Exploitation

```
# tr -dc '0-9': Extract the correct number provided by the binary.
echo 1234 | ./example | tr -dc '0-9' | ./example
```

The command above first sends `1234` as a guess, and the binary responds with the correct number. The **tr** command extracts that number and passes it to the second execution of the binary.

Because the binary's answer depends on the time, we can bypass the check by passing the previous answer back immediately.
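
Why the previous answer is still valid, and how to close the gap, as an added example that is not code from the original page. It assumes the binary seeds `rand()` with `time(NULL)`, which the page does not show; `weak_secret` and `strong_secret` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Assumed weak pattern: the secret is fully determined by the clock second. */
unsigned int weak_secret(time_t now)
{
    srand((unsigned int)now);
    return (unsigned int)rand();
}

/* Hardened form: draw the secret from the OS CSPRNG. Returns 0 on success. */
int strong_secret(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof(*out), 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    time_t now = time(NULL);
    /* Two "runs" inside the same second produce the same weak secret. */
    printf("weak run 1:   %u\n", weak_secret(now));
    printf("weak run 2:   %u\n", weak_secret(now));

    uint64_t a = 0, b = 0;
    if (strong_secret(&a) != 0 || strong_secret(&b) != 0) {
        fprintf(stderr, "cannot read /dev/urandom\n");
        return 1;
    }
    /* Independent draws: one run's answer says nothing about the next. */
    printf("strong run 1: %llu\n", (unsigned long long)a);
    printf("strong run 2: %llu\n", (unsigned long long)b);
    return 0;
}
```

With the hardened form, the number leaked by a failed guess is useless to a second process started in the same second.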