mischard
PyDome
hackthebox
Task: bypass 4 levels of validation in a Python TCP server that checks 100 comma-separated values against SHA256 hash and forest string. Solution: exploit PRNG stream reuse between code paths (both use randrange(0,100)), bypass Level 4 via zip() with empty iterator (all([])==True), leak random stream via non-integer path, compute candidate SHA256 hashes.
$ ls tags/ techniques/
prng_stream_reusezip_empty_iterator_bypasssha256_hash_constructionoracle_leak
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Create a free account with GitHub, then upgrade to Pro.
$ssh [email protected]