Scar26

#!/usr/bin/python3

import sys
import os
from lfsr import LFSR
from secret import FLAG, PRIMITIVE_POLYNOMIAL

def bytes_to_bits(_bytes):
	str_bits = ''.join([bin(int(_byte))[2:].zfill(8) for _byte in _bytes])
	int_bits = [int(bit) for bit in str_bits]

Scar26

import random

q = 3329
R = Zmod(q)
N = 32
l = 2
d = 11
Rx.<x> = PolynomialRing(R)
Rq.<u> = Rx.quotient(x^N + 1)

Scar26

import random

q = 3329
R = Zmod(q)
N = 32
l = 2
d = 11
Rx.<x> = PolynomialRing(R)
Rq.<u> = Rx.quotient(x^N + 1)

Scar26

#Spec

- The actual exploit is placed in `/expl/pwn.py` and can be run with python3
- Upon being executed, it will make the team `SDSLabs` rise to the top of the leaderboard

Scar26

Google Summer of Code 2020 with OWASP foundation

JuiceShop chatbot and general fixes

This project's aim was to develop an intentionally vulnerable npm module that can be used to quickly set up chatbots, and then using it to implement a responsive, NLP-based chatbot for OWASP juice-shop, along with two accompanying challenges.

It is unique in the sense that this is the first juice-shop challenge that requires the users to track down a third party dependency, go through the library's code and find a vulnerability, which can then be exploited from within the application.

Student: Mohit Sharma

Scar26

const juice = require('./index');

bot = new juice.Bot('Jeff','Ma Nemma ', '{hi:"hello",name:""}');
console.log(bot.greet())
console.log(bot.factory.run('training_set'))
bot.train();
console.log(bot.factory.run('global.response_set'))
console.log(bot.respond("name"))

Scar26

- Webcam needs to remain on the entire time
- Points are deducted if the platform window goes out of focus, so googling is penalised
- Not allowed to get up or leave the room
- Notepads e.t.c are allowed
- In case you're disconnected, participants can log back in within 20 minutes of the disconnection and resume the test from where they left.
- Points awarded for both performance and code clarity