disconnect3d · February 27, 2017 01:13
diff --git a/BKPCTF some solutions b/BKPCTF some solutions
 HIDDENSC:
 02:00 <@crowell> disconnect3d: it's from the poking holes in information hiding paper
 https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/oikonomopoulos
 POC: 02:11:16 <yrp> tezeb: https://gist.github.com/yrp604/82e4f1cb8ed553c7a995237062177a6c

 MINESWEEPER:
 02:00 <yyyyyyy> minesweeper writeup: https://hxp.io/blog/30

 RSA:
 02:00 <@gsilvis> RSA: 1 has a small factor [use pollard's rho]; 2 has a factor p where p-1 is smooth [use pollard's p-1]; 3 was GCD; 4 was Weiner's attack; 5 was Fermat's factorization algorithm

 ACCOUNTING:
 02:01 <@Elision> here's my accounting solution script https://github.com/cstanfill/accounting-writeup

 SIDH:
 02:01 <@Elision> here's a real FULL writeup for SIDH https://github.com/cstanfill/sidh-writeup

 CLICK CLASK:
 02:01 <dropkick_> crowell: what was your intended solution for click clack?  we threw ML at it but came up short
 02:02 <dropkick_> then again, I forget what ML even stands for
 02:02 <@crowell> dropkick_: all of the ML
 02:02 <@Elision> so many ML
 02:02 <@crowell> tensorflow, torch, back into tensorflow

 RBASH ESCAPE:
 02:02 <mak`> what was rbash about?
 02:02 <@crowell> mak`: 0day rbash escape
 02:02 <verylazyguy> mak: BASH_CMDS[0]=/flag/showFlag; 0

 SNOWCLOUD:
 02:01 <maxwakeh> Snowcloud solution please
 02:02 <@L4nL4n> maxwakeh: snowcloud is writing your text to an image and OCRing it. XSS filter is before writing it to the image.

 BAREWITHME:
 02:03 <valis> what was the kernel vuln in barewithme?
 02:03 <immerse> valis: the return value of kmalloc was unchecked in one place
 02:05 <@acez> https://github.com/acama/ctf/tree/master/bkpctf2017/barewithme

 SPONGE:
 02:05 <negasora> oops, method for sponge
 02:05 <@L4nL4n> negasora: meet in the middle on the small rate
 02:05 <@gsilvis> negasora: You could do a meet-in-the-middle attack.  Run the hash backwards from the state at the end, and fowards from the initial state, then patch up the messed up stuff in the middle block

 VIM JAIL:
 02:07 <h0twinter> what was vimjail's solution...
 02:07 <mxms> h0twinter: python!
 02:07 <mxms> (and some other stuff)


 ---
 DO THE SURVEY:
 02:08 <@L4nL4n> if you get a chance PLEASE answer the survey: https://goo.gl/W06UsG
	HIDDENSC:
	02:00 <@crowell> disconnect3d: it's from the poking holes in information hiding paper
	https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/oikonomopoulos
	POC: 02:11:16 <yrp> tezeb: https://gist.github.com/yrp604/82e4f1cb8ed553c7a995237062177a6c

	MINESWEEPER:
	02:00 <yyyyyyy> minesweeper writeup: https://hxp.io/blog/30

	RSA:
	02:00 <@gsilvis> RSA: 1 has a small factor [use pollard's rho]; 2 has a factor p where p-1 is smooth [use pollard's p-1]; 3 was GCD; 4 was Weiner's attack; 5 was Fermat's factorization algorithm

	ACCOUNTING:
	02:01 <@Elision> here's my accounting solution script https://github.com/cstanfill/accounting-writeup

	SIDH:
	02:01 <@Elision> here's a real FULL writeup for SIDH https://github.com/cstanfill/sidh-writeup

	CLICK CLASK:
	02:01 <dropkick_> crowell: what was your intended solution for click clack? we threw ML at it but came up short
	02:02 <dropkick_> then again, I forget what ML even stands for
	02:02 <@crowell> dropkick_: all of the ML
	02:02 <@Elision> so many ML
	02:02 <@crowell> tensorflow, torch, back into tensorflow

	RBASH ESCAPE:
	02:02 <mak`> what was rbash about?
	02:02 <@crowell> mak`: 0day rbash escape
	02:02 <verylazyguy> mak: BASH_CMDS[0]=/flag/showFlag; 0

	SNOWCLOUD:
	02:01 <maxwakeh> Snowcloud solution please
	02:02 <@L4nL4n> maxwakeh: snowcloud is writing your text to an image and OCRing it. XSS filter is before writing it to the image.

	BAREWITHME:
	02:03 <valis> what was the kernel vuln in barewithme?
	02:03 <immerse> valis: the return value of kmalloc was unchecked in one place
	02:05 <@acez> https://github.com/acama/ctf/tree/master/bkpctf2017/barewithme

	SPONGE:
	02:05 <negasora> oops, method for sponge
	02:05 <@L4nL4n> negasora: meet in the middle on the small rate
	02:05 <@gsilvis> negasora: You could do a meet-in-the-middle attack. Run the hash backwards from the state at the end, and fowards from the initial state, then patch up the messed up stuff in the middle block

	VIM JAIL:
	02:07 <h0twinter> what was vimjail's solution...
	02:07 <mxms> h0twinter: python!
	02:07 <mxms> (and some other stuff)


	---
	DO THE SURVEY:
	02:08 <@L4nL4n> if you get a chance PLEASE answer the survey: https://goo.gl/W06UsG