Mario Kahlhofer blu3r4y

## googlectf2022_log4j.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                blu3r4y
                / googlectf2022_log4j.md
            
            
              Created
              July 13, 2022 20:18
            
          
    Write-Up: Web - Log4j & Log4j2 from Google CTF 2022

This blog post explains three ways to exploit Log4j 2.17.2 from Google CTF 2022:

Level 1: Trigger an exception in Log4j that contains the flag
Level 2: Guessing the flag with the help of RegEx conversion patterns
Bonus: Guessing the flag with a time-based side channel using ReDoS

The bonus was not necessary to solve the challenge but fun to code ;)

  
## setup-poetry.yml
name: setup-poetry
on:
  push:

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

## network_flow_visualization.py
# Copyright 2021
#    Dynatrace Research
#    SAL Silicon Austria Labs
#    LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0

## grouped_train_test_split.py
# Copyright 2021
#    Dynatrace Research
#    SAL Silicon Austria Labs
#    LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0

## dt_nad2021_features.py
# Copyright 2021
#    Dynatrace Research
#    SAL Silicon Austria Labs
#    LIT Artificial Intelligence Lab
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0

## whatsapp_convert_locale.py
import re, sys

REGEX_ATTACHMENT = {"de": r"\u200E(.*?) \(Datei angehängt\)"}
SUB_ATTACHMENT = r"<attached: \g<1>>"


def convert(file: str, locale="de"):
    """
    Convert the locale of attachments to the english one.
    The output is written to a file in the same location.

## majority_vote.py
import numpy as np


def majority_vote(*arrays: np.array, n_classes: int = None) -> np.array:
    """
    Given an arbitrary number of integer-based, one-dimensional input vectors
    that represent class labels, compute a new vector that will take the majority
    label of the input vectors. Ties are broken randomly for each observation.

    If you omit the `n_classes` argument, it will be inferred by counting

## circus_flask.py
from circus import get_arbiter

alice = dict(
    name="alice",
    cmd="python -m flask run --port=81",
    env={"FLASK_APP": "flask_alice.py"},
    copy_env=True,
    copy_path=True,
)

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                blu3r4y
                / keybase.md
            
            
              Last active
              January 5, 2021 17:28
            
              
                My keybase proof
              
          
    Keybase proof

I hereby claim:

I am blu3r4y on github.
I am blu3r4y (https://keybase.io/blu3r4y) on keybase.
I have a public key ASAaCd4yddilhaf1QEv9GI40ZdcfMICJMpPkklewor035Ao

To claim this, I am signing this object:

  
## lazysequence.py
from functools import lru_cache
from typing import Sequence


class LazySequence(Sequence):
    """
    A sequence object that is backed by a function for retrieving elements
    """

    @lru_cache(maxsize=None)
	name: setup-poetry
	on:
	push:

	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v2
	# Copyright 2021
	# Dynatrace Research
	# SAL Silicon Austria Labs
	# LIT Artificial Intelligence Lab
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	import re, sys

	REGEX_ATTACHMENT = {"de": r"\u200E(.*?) \(Datei angehängt\)"}
	SUB_ATTACHMENT = r"<attached: \g<1>>"


	def convert(file: str, locale="de"):
	"""
	Convert the locale of attachments to the english one.
	The output is written to a file in the same location.
	import numpy as np


	def majority_vote(*arrays: np.array, n_classes: int = None) -> np.array:
	"""
	Given an arbitrary number of integer-based, one-dimensional input vectors
	that represent class labels, compute a new vector that will take the majority
	label of the input vectors. Ties are broken randomly for each observation.

	If you omit the `n_classes` argument, it will be inferred by counting
	from circus import get_arbiter

	alice = dict(
	name="alice",
	cmd="python -m flask run --port=81",
	env={"FLASK_APP": "flask_alice.py"},
	copy_env=True,
	copy_path=True,
	)
	from functools import lru_cache
	from typing import Sequence


	class LazySequence(Sequence):
	"""
	A sequence object that is backed by a function for retrieving elements
	"""

	@lru_cache(maxsize=None)