Pilgrimage

Hack The Box. Linux. Easy machine

13 minutes to read

This machine has a website that exposes a Git repository. We are able to extract the PHP source of the web application and find out that it uses ImageMagick under the hood to process uploaded images. The version of ImageMagick has a local file read vulnerability that can be used to read a SQLite database file and find a plaintext password for emily, which is used in SSH too. After that, we find that root executes a Bash script that uses binwalk to remove malware from uploaded image files. The version of binwalk is vulnerable to Remote Code Execution, which leads to the privilege escalation

Blind

ECSC 2023

4 minutes to read

First day. ECDSA. Signature verification. XOR

Hide and seek

ECSC 2023

2 minutes to read

Third day. ECC. Point arithmetic. Discrete logarithm. Pohlig-Hellman

Irish Flan

ECSC 2023

6 minutes to read

First day. Quaternions. Matrix equations. Kernel

Kernel searcher

ECSC 2023

6 minutes to read

Third day. Isogeny. Finding curve parameters. Discrete logarithm

not crypto

ECSC 2023

4 minutes to read

Third day. ROT13. Base64 encoding. ASCII bytes

Put a ring on it

ECSC 2023

4 minutes to read

Third day. Ring signature. Oracle

RRSSAA

ECSC 2023

2 minutes to read

Third day. Multi-prime RSA. PRNG seed. RSA-CRT decryption

Tough decisions

ECSC 2023

4 minutes to read

First day. Learning With Errors. Modular arithmetic

Twist and shout

ECSC 2023

5 minutes to read

Third day. ECC. Invalid Curve Attack. Quadratic Twist

WOTS Up

ECSC 2023

3 minutes to read

First day. Winternitz One-Time Signature. Hash functions. Induction

WOTS Up 2

ECSC 2023

4 minutes to read

First day. Winternitz One-Time Signature. Hash functions