I hereby claim:
- I am sdamashek on github.
- I am sdamashek (https://keybase.io/sdamashek) on keybase.
- I have a public key whose fingerprint is 63F2 BF77 2A76 D624 97D2 94DB 6C3E B8FD 3C47 2B56
To claim this, I am signing this object:
Sam Damashek sdamashek
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| range - IP Range Owner | |
| 46.148.30.0/23 - Infium LLC | |
| 62.109.0.0/19 - TheFirst-RU clients | |
| 62.122.72.0/23 - Leksim Ltd. | |
| 78.24.216.0/21 - TheFirst-RU clients | |
| 82.146.40.0/21 - Infium LLC | |
| 82.146.56.0/21 - TheFirst-RU clients | |
| 91.197.131.0/24 - Virtual Data Computing LLC | |
| 91.207.60.0/23 - PE Ivanov Vitaliy Sergeevich |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pybrain.structure import RecurrentNetwork, FeedForwardNetwork, FullConnection, LinearLayer, SigmoidLayer | |
| from pybrain.datasets import SupervisedDataSet | |
| from pybrain.supervised.trainers import BackpropTrainer | |
| from math import log,exp | |
| import cv,cv2 | |
| import os | |
| import random | |
| import ImageFont, Image, ImageDraw | |
| import time | |
| import numpy as np |
sdamashek
/ Point-Slope Encryption.md
Last active
May 15, 2016 14:03
TJ CSL Writeup for Point-Slope Encryption (PACTF 2016)
For this challenge we were given a pretty basic python script. The script contained two functions: s, which approximates the derivative of the function f at point x, and encrypt, which calculates the value of f(a) and f(m), as well as the approximate derivative of f at both a and m. It then does some manipulation of these numbers to return a tuple.
Essentially what we had to do was figure out what secret_func (f) was, so that we could calculate encrypt for all possible ascii values, then map the resulting encrypted tuples to the given encrypted message to find the decrypted flag.
We're given:
- a = -9 Pi/4
- f(a) = -65.50409525102073
- df/dx = 1651/(12pi * cosx + 5pi * sinx)
sdamashek
/ Phillips Decryption Service.md
Created
May 15, 2016 14:35
TJ CSL Writeup for Phillips Decryption Service (PACTF 2016)
The main idea behind this one was that we could encrypt any message we want, and then send it to the decryption service to be decrypted, unless that message was the encrypted flag.
Basically all we had to do was multiply the ciphertext by 2^e (where e is the public exponent), and then C^d = [f^e*2^e] = f^ed * 2^ed = 2f mod n, so the result of that decryption will be double the flag (see http://www.dtc.umn.edu/~odlyzko/doc/arch/rsa.attack.pdf).
First, getting the information about the public key:
samuel@samaritan ~/projects/pactf % openssl rsa -in pub.a82ac1b8c0d1.pem -pubin -noout -text
sdamashek
/ Not-So-Random Randomness.md
Created
May 15, 2016 14:43
TJ CSL Writeup for Not-So-Random Randomness (PACTF 2016)
This key was generated on a Debian system with the weak random seed vulnerability, where the only seed of randomness was the process ID. Looking at the fingerprint,
samuel@samaritan ~/projects/pactf % ssh-keygen -lf notso.pem
2048 SHA256:nvIH90xVEyG7AlAhLbmpzthDpjQPTkOIAF6q2k/Iruw no comment (RSA)
So the solution was to generate keys on a system with weak Debian binaries for all possible process IDs, and compare this fingerprint to the produced fingerprints. Below is the script to do so, using a pre-existing LD_PRELOADable library which overrides getpid to the content of the MAGICPID env variable:
sdamashek
/ SQL: The Sequel.md
Created
May 15, 2016 15:40
TJ CSL Writeup for SQL: The Sequel (PACTF 2016)
This problem was pretty simple - even though uname and pswd were filtered through mysql_real_escape_string(), the NO_BACKSLASH_ESCAPES option essentially negated that protection.
So to ignore the password field, use the username admin";# and you'll get the flag: Your flag is: bobby_tables_little
sdamashek
/ selfmodifying.patch
Last active
July 6, 2016 15:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From f1dd0199cd7bc2e3b5b579852d96d505f731cb7a Mon Sep 17 00:00:00 2001 | |
| From: Samuel Damashek <samuel.damashek@invincea.com> | |
| Date: Wed, 6 Jul 2016 11:41:52 -0400 | |
| Subject: [PATCH] Fix for self-modifying writes across page boundaries. | |
| As it currently stands, QEMU does not properly handle self-modifying code | |
| when the write is unaligned and crosses a page boundary. The procedure | |
| for handling a write to the current translation block is to write-protect | |
| the current translation block, catch the write, split up the translation | |
| block into the current instruction (which remains write-protected so that |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from google.protobuf.internal.decoder import _DecodeVarint | |
| from google.protobuf.internal.encoder import _VarintBytes | |
| import datapoint_pb2 | |
| def read_message(buf): # buf is a bytestring | |
| pos = 0 # Start of varint32 | |
| value, new_pos = _DecodeVarint(buf, pos) | |
| msg = datapoint_pb2.DataPoint() | |
| msg.ParseFromString(buf[new_pos:new_pos+value]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import math | |
| import random | |
| import sys | |
| def main(): | |
| num = int(sys.argv[1]) | |
| points_in = 0 | |
| for _ in range(num): | |
| px, py = random.random() * 2 - 1, random.random() * 2 - 1 | |
| if (px**2 + py**2) <= 1: |
OlderNewer