
morkev / cIMG_extraction.py
Last active May 1, 2025 19:38
cIMG extraction
import struct
import subprocess
def read_header(f):
    """Read and parse the cIMG header.

    Reads the 4-byte magic (must equal b"cIMG") followed by one 8-byte
    little-endian group: version (u16), width (u8), height (u8),
    num_directives (u32). The remainder of the function is not visible in
    this preview.

    Args:
        f: a binary file-like object positioned at the start of the header.

    Raises:
        ValueError: if the magic bytes do not match.
    """
    magic = f.read(4)
    if magic != b"cIMG":
        raise ValueError("Invalid magic number")
    # "<HBBI" = little-endian uint16, uint8, uint8, uint32 (8 bytes total).
    # NOTE(review): a short read (fewer than 8 bytes) makes struct.unpack raise
    # struct.error rather than ValueError. num_directives is file-controlled;
    # whatever consumes it further down should bound it before using it to
    # size an allocation or drive a loop.
    version, width, height, num_directives = struct.unpack("<HBBI", f.read(8))
morkev / multi_processed_dynamic_http_post_requests.asm
Created October 23, 2024 04:51
Multi-processed assembly to dynamically respond to multiple HTTP POST requests
.intel_syntax noprefix
.globl _start
.section .text
_start:
# Create socket
# Arguments for socket(2) in the x86-64 Linux syscall convention (rdi, rsi, rdx).
# The syscall number in rax and the `syscall` instruction itself are below the
# visible portion of this preview.
mov rdi, 2 # AF_INET
mov rsi, 1 # SOCK_STREAM
mov rdx, 0 # Protocol
morkev / multi_processed_dynamic_http_get_and_post_requests.asm
Last active May 1, 2025 19:37
Multi-processed assembly that dynamically responds to multiple HTTP GET and POST requests.
.intel_syntax noprefix
.globl _start
/*
Instructions to Assemble, Link, and Run:
$ as server.s -o server.o
$ ld server.o -o server
$ chmod +x server
$ /challenge/run ./server
*/
morkev / boss_b64_encode_decode.py
Created October 22, 2024 22:18
Recovers the bytes for the cipher key
import requests
import base64
from urllib.parse import quote
from bs4 import BeautifulSoup
def get_ciphertext(session):
    """Fetches the encrypted backup from the server.

    Only the first lines are visible in this preview: a GET against the
    challenge host and a status-code check. How the response body is parsed
    (BeautifulSoup is imported above) and what is returned are not shown.

    Args:
        session: a requests.Session (or compatible object) used for the GET.
    """
    response = session.get("http://challenge.localhost:80/")
    if response.status_code != 200:
        # NOTE(review): this branch only prints; there is no return or raise
        # here, so execution continues with a non-200 response unless the
        # hidden remainder of the function handles it.
        print(f"Error: Received status code {response.status_code}")
morkev / miniboss_b64_encode_decode.py
Last active May 1, 2025 19:36
Assembles a prefix attack
import pexpect
from base64 import b64encode, b64decode
import sys
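def send_data(proc, data):
    """Send *data* to the challenge process and return the ciphertext it echoes.

    Args:
        proc: a pexpect-style spawn object exposing expect(), sendline() and
            the ``match`` attribute set by the last successful expect().
        data: raw bytes; they are base64-encoded before being written.

    Returns:
        The captured group of the "Ciphertext: ..." line, decoded to str.
    """
    b64_data = b64encode(data).decode()
    # Raw string: "\?" is not a valid Python escape sequence (SyntaxWarning on
    # 3.12+, an error in a future release); the regex still needs the backslash
    # so that '?' is matched literally. The runtime value is unchanged.
    proc.expect(r"Data\? ")
    proc.sendline(b64_data)
    # Here \r\n are literal CR/LF characters, i.e. the line terminator expected
    # after the ciphertext.
    proc.expect("Ciphertext: (.*)\r\n")
    # pexpect exposes match groups as bytes; decode for the caller.
    return proc.match.group(1).decode()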
morkev / dhke_key.py
Last active May 1, 2025 19:36
Diffie-Hellman Key Exchange
from random import randint
# Hex digits of the Diffie-Hellman modulus p, whitespace-separated.
# NOTE(review): the visible leading words (FFFFFFFF FFFFFFFF C90FDAA2
# 2168C234 ...) match the common prefix shared by the RFC 2409 / RFC 3526
# MODP group primes; which group (and so the bit length) cannot be told from
# this preview, and the string literal is cut off before its closing quotes.
p_hex = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
morkev / xor_objects_two_bytes.py
Created October 22, 2024 21:47
Using XOR objects to decrypt the flag using known ciphertexts and plaintexts.
import base64
def xor_bytes(a, b):
    """Return the byte-wise XOR of *a* and *b*.

    The result has the length of the shorter input; any surplus bytes of the
    longer one are dropped.
    """
    out = bytearray()
    for left, right in zip(a, b):
        out.append(left ^ right)
    return bytes(out)
def decrypt_flag(ciphertexts, plaintexts, flag_ciphertext):
    """Attempt to decrypt the flag using known ciphertexts and plaintexts.

    Only the start of the function is visible in this preview: it pairs each
    known plaintext with its ciphertext and collects recovered key material
    in ``keys``. How the key is derived and applied to *flag_ciphertext* is
    not shown.
    """
    keys = []
    # zip() truncates to the shorter list, so mismatched input lengths would
    # silently pair the wrong plaintext with a ciphertext instead of failing.
    for ptext, ctext in zip(plaintexts, ciphertexts):
morkev / brute_three_byte_prefix.py
Created October 22, 2024 21:43
Brute-force search for a hash with a specific three-byte prefix using SHA256.
import hashlib
import os
def find_specific_hash_collision(target_prefix_hex):
    """Search random 16-byte inputs for a SHA-256 digest with a given prefix.

    Args:
        target_prefix_hex: hex string of the desired leading digest bytes.

    The comparison against ``target_prefix`` and the return value are below the
    visible portion of this preview. Despite the name this is a partial
    preimage search (fixed prefix), not a collision between two inputs; the
    expected number of attempts grows as 256 ** len(target_prefix).
    """
    target_prefix = bytes.fromhex(target_prefix_hex)
    attempts = 0
    while True:
        # Fresh random candidate each round; os.urandom makes repeated
        # candidates negligible, though a counter would work equally well here.
        data = os.urandom(16)
        hash_object = hashlib.sha256(data)
        hash_digest = hash_object.digest()
morkev / ip_packet_sniffer.py
Created October 22, 2024 21:38
Intercepts packets between two hosts
from scapy.all import *
def sniff_packets():
    """Sniff traffic between 10.0.0.3 and 10.0.0.4 and react to TCP port 31337.

    Only the inner ``intercept`` callback is visible in this preview; the
    ``sniff(...)`` call that installs it (interface, BPF filter) is not shown.
    """
    def intercept(packet):
        # Accept traffic in either direction between the two hard-coded hosts.
        if packet.haslayer(IP) and packet[IP].src in ["10.0.0.4", "10.0.0.3"] and packet[IP].dst in ["10.0.0.3", "10.0.0.4"]:
            print("Packet from {} to {}: ".format(packet[IP].src, packet[IP].dst))
            print(packet.summary())
            if packet.haslayer(TCP) and packet[TCP].dport == 31337:
                # Crafts a reply in the name of the destination host: the 4-tuple is
                # mirrored, seq is taken from the observed ack, ack is the observed
                # seq plus the observed payload length, flags are PSH|ACK and the
                # payload is the literal "Injected Payload".
                # NOTE(review): whether this packet is actually sent is not visible
                # in this preview.
                response = IP(src=packet[IP].dst, dst=packet[IP].src)/TCP(sport=packet[TCP].dport, dport=packet[TCP].sport, seq=packet[TCP].ack, ack=packet[TCP].seq + len(packet[TCP].payload), flags="PA")/"Injected Payload"
morkev / pwn_spitter.py
Created October 22, 2024 21:34
Assembles the pwn key one character at a time.
import requests
# Target endpoint (challenge host); hard-coded rather than configurable.
url = 'http://challenge.localhost/'
# Characters recovered so far, built up left to right.
password = ''
# 1-based index of the character currently being recovered.
position = 1
# Candidate alphabet tried at each position. Note the escaped backslash
# ('\\') and the trailing space at the end of the literal.
characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}_!@#$%^&*()-=+[]\\|;:\'",.<>/?`~ '
# Outer loop: one iteration per recovered character. The per-character probe
# and the exit condition are below the visible portion of this preview.
while True:
    found_char = False