-
Crypto - Numerology - GoogleCTF
Crypto The only one i did was Numerology an easy cryptography challenge where it was presented a custom stream cipher inspired by ChaCha20, but with a twist: it uses only a single round of mixing operations. crypto_numerology.py: The cipher implementation ctf_challenge_package.json: JSON dataset of known plaintext/ciphertext pairs, together with the...
-
CyberApocalypse 2025 - Laconic
Using Sigreturn-Oriented Programming (SROP) It was decompiled trought ghidra as you can see there’s typedef unsigned char undefined; typedef unsigned char byte; typedef unsigned int dword; typedef unsigned long qword; typedef unsigned short word; typedef enum Elf_ProgramHeaderType { PT_NULL=0, PT_LOAD=1, PT_DYNAMIC=2, PT_INTERP=3, PT_NOTE=4, PT_SHLIB=5, PT_PHDR=6, PT_TLS=7, PT_GNU_EH_FRAME=1685382480, PT_GNU_STACK=1685382481, PT_GNU_RELRO=1685382482 }...
-
Web_Dusty_alleys
Exploiting SSRF Vulnerabilities In this article, we will walk through the exploitation of a Server-Side Request Forgery (SSRF) vulnerability, particularly focusing on how attackers can misuse the HTTP/1.0 protocol downgrade technique to manipulate the server’s behavior, leak sensitive data, and exfiltrate secrets. What is SSRF? Server-Side Request Forgery (SSRF) is...