Newsletter 14/01/2024
This machine has a website that exposes a Git repository. We are able to extract the PHP source of the web application and find out that it uses ImageMagick under the hood to process uploaded images. The version of ImageMagick has a local file read vulnerability that can be used to read a SQLite database file and find a plaintext password for emily, which is used in SSH too. After that, we find that root executes a Bash script that uses binwalk to remove malware from uploaded image files. The version of binwalk is vulnerable to Remote Code Execution, which leads to privilege escalation.
First day. ECDSA. Signature verification. XOR
Third day. ECC. Point arithmetic. Discrete logarithm. Pohlig-Hellman
First day. Quaternions. Matrix equations. Kernel
Third day. Isogeny. Finding curve parameters. Discrete logarithm
Third day. ROT13. Base64 encoding. ASCII bytes
Third day. Ring signature. Oracle
Third day. Multi-prime RSA. PRNG seed. RSA-CRT decryption
First day. Learning With Errors. Modular arithmetic
Third day. ECC. Invalid Curve Attack. Quadratic Twist
First day. Winternitz One-Time Signature. Hash functions. Induction
First day. Winternitz One-Time Signature. Hash functions