tl;dr
- Extract data from given images using binwalk
- Tranform given diophantine equation into a cubic curve and retrieve EC parameters
- Solve ECDLP given in extracted data using Pohlig Hellman Algorithm
tl;dr
This school CTF had a good set of challenges for beginners
32-bit executable, dynamically linked, not stripped
When you run the executable in the terminal, the program simple asks for an input and checks whether it is the secret it is looking for or not.
debugging in GDB…
1 | gdb-peda$ checksec |
Going through the assembly code, we can see that see a gets() function. This gives us a chance to corrupt any stack address higher than the stack address where the gets() is to read into. We can also see a call to ‘print_flag’ function. This call instruction is executed only after a cmp instruction which compares [ebp-0xc] with ‘0xf007ba11’.
1 | 0x0804861d <+107>: cmp DWORD PTR [ebp-0xc],0xf007ba11 |
Hey, I am SpyD3r(@TarunkantG) and in this blog, I will be discussing the critical bug I have found in Quora which can compromise all users on Quora due to Horizontal Privilege Escalation.
tl;dr
18 / 18