- Web Cache Deception
- XXE - IN/OUT bound
- SSRF
- WS Hijacking
- Deserialization
- SSTI
- RCE
- CVEs
- JS Memory Leak (QA??)
- Overflows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import random | |
from math import gcd | |
n = 113138904645172037883970365829067951997230612719077573521906183509830180342554841790268134999423971247602095979484887092205889453631416247856139838680189062511282674134361726455828113825651055263796576482555849771303361415911103661873954509376979834006775895197929252775133737380642752081153063469135950168223 | |
e = 65537 | |
d = 87345713405055532428664184040885638635456003191089749453199952101307167014234779974982171268609415280584641472420424299514002514548043646741981648196634644960356958819956637431278502574332925957523028825580469419959164626563649612912919564472132340496010962167627957743115660323378023656051813802028938198977 | |
k = e*d - 1 | |
g = random.randint(2, n - 1) | |
t = k |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ucf details | |
clk | |
reset | |
RS232_Uart_1_sin | |
RS232_Uart_1_sout | |
lvcmos | |
33 | |
15 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Util.number import long_to_bytes | |
c = 0x2f7f63b5e27343dcf750bf83fb4893fe3b20a87e81e6fb62c33d30 | |
p = 56594044391339477686029513026021974392498922525513994709310909529135745009448534622250639333011770158535778535848522177601610597930145120019374953248865595853915254057748042248348224821499113613633807994411737092129239655022633988633736058693251230631716531822464530907151 | |
b = long_to_bytes(p) | |
a = 0x5a0b05d9831438ac8561d2b0a42be1cf5613db21deb9a443e21c4d # from b | |
print(bytes.fromhex(hex(a ^ c)[2:]).decode("ASCII")) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
p = 69691 | |
g = 1001 | |
A = 17016 | |
B = 47643 | |
arr = [] | |
arr1 = [] | |
for a in range(1, p): | |
if pow(g, a, p) == A: | |
arr.append(a) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from PIL import Image | |
from numpy import * | |
import base64 | |
img = Image.open('inject.png') | |
numpydata = asarray(img) | |
color_array = [] | |
for row in numpydata: | |
for columns in row: |
steghide extract -sf sound.wav
-> We get a vbs.bmp
file
steghide extract -sf vbs.bmp
-> We get a file named inf.txt
having this as info (for Signal Processing)
- the
.tgs
file is a telegram sticker - send it to the sticker bot on telegram to render it, or convert it to another format. The animation shows 6 characters "mrgr3y"
.tgs
format is essentially a gzipped JSON. Get the JSON by usinggzip -d
- Load the JSON to see that there's a key named
sandwich
. The contents of this key is a long hex string. Decode this into bytes and save it to file. - This file is a 7z file protected with a password. Use the password
mrgr3y
- You'll get a file
flag.RDxR10
- That's a shell archive. Execute it :
./flag.RDxR10
- You get the flag encoded in grey code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from simon import SimonCipher | |
my_simon = SimonCipher(0xABBBAAABAABAAABAAABABAABAAABABBA) | |
simon_ciphertext = 0xDCD9D598AE2990D31F230F3BE7813716 | |
simon_plaintext = my_simon.decrypt(simon_ciphertext) | |
print(hex(simon_plaintext)[2:]) | |
#note that this is in base36 format |
NewerOlder