Newsletter 08/11/2023
This machine contains a website that lets users generate equations using LaTeX. With this feature we can read arbitrary files from the server using LaTeX injection techniques and find a hashed password for another subdomain, which can be cracked. This password is reused for SSH. After that, root executes gnuplot scripts periodically, which leads to privilege escalation.
RSA. Factorial. Modular arithmetic. Integer division
XOR. Permutations and substitutions
Mersenne primes. Sum of divisors
ECC. ECDSA. Public key recovery. Biased nonces. Hidden Number Problem. LLL lattice reduction
AKS primality test. Carmichael numbers. Euler totient function
Web3. Ethereum addresses and signatures
DSA. Recurrence relation. Nonces