- Web Cache Deception
- XXE - IN/OUT bound
- SSRF
- WS Hijacking
- Deserialization
- SSTI
- RCE
- CVEs
- JS Memory Leak (QA??)
- Overflows
RDxR10
/ sei_extra.md
Created
November 26, 2022 16:13
RDxR10
/ illusion.md
Created
May 26, 2021 12:45
RDxR10
/ Factorize_method_A.py
Last active
May 12, 2021 17:49
Factorization of N given e and d based on trial and error. [Divide k by powers of 2 satisfying x to be greater than 1]. Full explanation here: https://crypto.stackexchange.com/questions/62482/algorithm-to-factorize-n-given-n-e-d/62487#62487
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| from math import gcd | |
| n = 113138904645172037883970365829067951997230612719077573521906183509830180342554841790268134999423971247602095979484887092205889453631416247856139838680189062511282674134361726455828113825651055263796576482555849771303361415911103661873954509376979834006775895197929252775133737380642752081153063469135950168223 | |
| e = 65537 | |
| d = 87345713405055532428664184040885638635456003191089749453199952101307167014234779974982171268609415280584641472420424299514002514548043646741981648196634644960356958819956637431278502574332925957523028825580469419959164626563649612912919564472132340496010962167627957743115660323378023656051813802028938198977 | |
| k = e*d - 1 | |
| g = random.randint(2, n - 1) | |
| t = k |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ucf details | |
| clk | |
| reset | |
| RS232_Uart_1_sin | |
| RS232_Uart_1_sout | |
| lvcmos | |
| 33 | |
| 15 |
RDxR10
/ UTCTF-2021-Illegal-Prime.py
Last active
March 16, 2021 06:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from Crypto.Util.number import long_to_bytes | |
| c = 0x2f7f63b5e27343dcf750bf83fb4893fe3b20a87e81e6fb62c33d30 | |
| p = 56594044391339477686029513026021974392498922525513994709310909529135745009448534622250639333011770158535778535848522177601610597930145120019374953248865595853915254057748042248348224821499113613633807994411737092129239655022633988633736058693251230631716531822464530907151 | |
| b = long_to_bytes(p) | |
| a = 0x5a0b05d9831438ac8561d2b0a42be1cf5613db21deb9a443e21c4d # from b | |
| print(bytes.fromhex(hex(a ^ c)[2:]).decode("ASCII")) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| p = 69691 | |
| g = 1001 | |
| A = 17016 | |
| B = 47643 | |
| arr = [] | |
| arr1 = [] | |
| for a in range(1, p): | |
| if pow(g, a, p) == A: | |
| arr.append(a) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from PIL import Image | |
| from numpy import * | |
| import base64 | |
| img = Image.open('inject.png') | |
| numpydata = asarray(img) | |
| color_array = [] | |
| for row in numpydata: | |
| for columns in row: |
RDxR10
/ Camouflage_darkCON_writeup.md
Last active
February 22, 2021 15:43
steghide extract -sf sound.wav
-> We get a vbs.bmp file
steghide extract -sf vbs.bmp
-> We get a file named inf.txt having this as info (for Signal Processing)
RDxR10
/ Gray-Sandwich-writeup-ISFCR.md
Last active
February 16, 2021 18:39
File : https://shorturl.at/nqIOW
- the
.tgsfile is a telegram sticker - send it to the sticker bot on telegram to render it, or convert it to another format. The animation shows 6 characters "mrgr3y"
.tgsformat is essentially a gzipped JSON. Get the JSON by usinggzip -d- Load the JSON to see that there's a key named
sandwich. The contents of this key is a long hex string. Decode this into bytes and save it to file. - This file is a 7z file protected with a password. Use the password
mrgr3y - You'll get a file
flag.RDxR10 - That's a shell archive. Execute it :
./flag.RDxR10 - You get the flag encoded in grey code.
RDxR10
/ Basement-Brunch-with-Simon-ISFCR.py
Created
February 15, 2021 19:26
Desc : Simon is waiting for you in basement 36 and wants to have brunch together. Take this key and ciphertext to enter the basement. Have a pleasant brunch! Key: 0xABBBAAABAABAAABAAABABAABAAABABBA CT: 0xDCD9D598AE2990D31F230F3BE7813716 NOTE: Enclose flag within PESUCTF{} ALPHANUMERIC format : ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from simon import SimonCipher | |
| my_simon = SimonCipher(0xABBBAAABAABAAABAAABABAABAAABABBA) | |
| simon_ciphertext = 0xDCD9D598AE2990D31F230F3BE7813716 | |
| simon_plaintext = my_simon.decrypt(simon_ciphertext) | |
| print(hex(simon_plaintext)[2:]) | |
| #note that this is in base36 format |
NewerOlder