Skip to content

Instantly share code, notes, and snippets.

View Scar26's full-sized avatar

SC4R Scar26

View GitHub Profile
#!/usr/bin/python3
import sys
import os
from lfsr import LFSR
from secret import FLAG, PRIMITIVE_POLYNOMIAL
def bytes_to_bits(_bytes):
str_bits = ''.join([bin(int(_byte))[2:].zfill(8) for _byte in _bytes])
int_bits = [int(bit) for bit in str_bits]
import random
q = 3329
R = Zmod(q)
N = 32
l = 2
d = 11
Rx.<x> = PolynomialRing(R)
Rq.<u> = Rx.quotient(x^N + 1)
import random
q = 3329
R = Zmod(q)
N = 32
l = 2
d = 11
Rx.<x> = PolynomialRing(R)
Rq.<u> = Rx.quotient(x^N + 1)
@Scar26
Scar26 / gist:98dcf429f6b97732f53574aab6d2ab94
Created December 19, 2020 23:12
Leaderboard manipulation exploit: Test case specifications
#Spec
- The actual exploit is placed in `/expl/pwn.py` and can be run with python3
- Upon being executed, it will make the team `SDSLabs` rise to the top of the leaderboard
@Scar26
Scar26 / GSoC2020Summary.md
Created August 31, 2020 09:36
Final report for my GSoC 2020 project, completed under OWASP foundation

Google Summer of Code 2020 with OWASP foundation

JuiceShop chatbot and general fixes

This project's aim was to develop an intentionally vulnerable npm module that can be used to quickly set up chatbots, and then using it to implement a responsive, NLP-based chatbot for OWASP juice-shop, along with two accompanying challenges.

It is unique in the sense that this is the first juice-shop challenge that requires the users to track down a third party dependency, go through the library's code and find a vulnerability, which can then be exploited from within the application.

Student: Mohit Sharma

@Scar26
Scar26 / juicybottest.js
Created May 21, 2020 09:41
esting script for v1.0 of juicy-chat-bot
const juice = require('./index');
bot = new juice.Bot('Jeff','Ma Nemma ', '{hi:"hello",name:""}');
console.log(bot.greet())
console.log(bot.factory.run('training_set'))
bot.train();
console.log(bot.factory.run('global.response_set'))
console.log(bot.respond("name"))
@Scar26
Scar26 / ningerundayo.txt
Last active March 20, 2020 13:57
yare yare daze
- Webcam needs to remain on the entire time
- Points are deducted if the platform window goes out of focus, so googling is penalised
- Not allowed to get up or leave the room
- Notepads e.t.c are allowed
- In case you're disconnected, participants can log back in within 20 minutes of the disconnection and resume the test from where they left.
- Points awarded for both performance and code clarity