One Time 'Bad' - AngstromCTF 2020

Показать описание

John Hammond

Рекомендации по теме

Комментарии

The flaw is on the random seed, it uses time.time() which is totally fine but then it wrapped using int(), that makes the time.time() value becomes rounded into a whole integer, then we can use the same genSample() script with the seed
int(time.time())+1 and it will be the same as the service seed when you connect after you generate the sample

wrthh

I was literally banging my head for this... so simple! Thanks will look for such things onwards...

hallgowrt

you always show us the most interesting things 😍

SoujanyaCS

I think the weakness is in seeding the random one time when the connection is established, so you'd request a samples, get the correct seed (since you have a small interval of mili-seconds from the connection to getting the prompt), and know what the next randint will be and get the flag.
You're way is more simpler!!

merzoukbensellouaahmedyass

Great video :) can't wait to see more content

ripmeep

I appreciate your fast movement man .. good

abiworldseccentric

That makes so much sense. The probability of guessing correctly with A is just 1/(30*26) = 1/780. What a good solution.

zaxioms

Good morning I'm having trouble keeping my eyes open.

mattfowler

Hi John, difficult to refuse such a polite invite to smash YouTube algorithm for fun (us) and profit (you, hopefully ); btw I do have a weird idea. You have lately been pretty busy with different certifications and pwned all the good ones. Old continent is in lockdown but this might be the perfect time to “upgrade” ones CV. (Admittedly we are lucky to be in this branch and have so far pretty secure jobs while whole countries are switching to working online) but it would be nice to see proper response from major companies offering significant discounts for at least some certifications. While I do appreciate all those 10-15% off “insert-color” Friday, a Corona50%OFF discount would be much more interesting and accessible for this pretty major disruption in our lives. (Sorry if I’m a bit of topic but it’s been on my mind last few days). Cheers

docmalitt

nice keep doing ctf no more netflix 🎉🎉✌

abdiwahabahmedomar

Hello how many cups of coffee did you have this morning?

gwnbw

If you didn't like the video press the dislike button twice... LOL

fail

Press the dislike button twice, haha good one

Wizatek

One Time 'Bad' - AngstromCTF 2020

One Time 'Bad' - AngstromCTF 2020

The ULTIMATE One Time Pad Tutorial

angstromCTF 2022: Randomly Sampled Algorithm

angstromCTF 2022: whatsmyname

Free Flags | Angstrom CTF | CTF

TryHackMe! PickleRick - BYPASSING Denylists

Non-Printable Characters 'Inputter' - AngstromCTF 2020

Angstrom ctf-2019 web category control you-20 points

C 105 Two Time Pad

Hidden Netcat Data ('Clam Clam Clam') - AngstromCTF 2020

Leaking Secret Data with a Heap Overflow - 'Leek' Pwn Challenge [Angstrom CTF 2023]

Angstrom CTF 2021 - Web Challenge Walkthroughs

Many time pad attack

Esoteric || Tenable CTF 2021 || Misc Challenge || Walkthrough

TryHackMe! EternalBlue/MS17-010 in Metasploit

Ctflearn (Git is Good) Difficulty:Medium

KING OF THE HILL - BsidesNoVA CTF 1ST PLACE

[CTF] [WEB] angstrom 2019 - No Sequels - MongoDB Injection

Web Obfuscation | MLSC CTF 2022 | CTF For beginners

Heap Exploit (ret2win) - 'Hellbound' Pwn Challenge [HackTheBox Cyber Apocalypse CTF 2022]

TryHackMe! OhSINT - METADATA & Research

Web Challenge Walkthroughs - Digital Overdose CTF 2021

Juniors CTF 2016 :: Oh SSH!

All-Army Cyberstakes - Server-Side Template Injection