UofTCTF 2026 – Lottery

Can you help Han Shangyan win the lottery? We are provided with a Bash script that simulates a lottery game. Here is the source code: The Vulnerabilities There are two distinct vulnerabilities that, when chained together, allow for Remote Code Execution (RCE). A. Regex Bypass The script attempts to validate the input using a Regular …

UofTCTF 2026 – Encryption Service

We made an encryption service. We forgot to make the decryption though. As compensation we are giving free encrypted flags. The service allows users to submit plaintexts, which are then encrypted using AES-CBC with a user-supplied key. As a bonus, the flag is appended to the plaintext and encrypted as well. Provided Files enc.py run.sh Vulnerability …