From 9252b774c649cf1eb91869e838127fd34b552ba6 Mon Sep 17 00:00:00 2001
From: Harshit Jain
Date: Sat, 22 Feb 2025 20:24:48 +0530
Subject: [PATCH] add cheatsheets
---
Cryptohack/RSA/Signatures Part 1.md | 19 +++++++++++++++++++
generate_readme.py | 12 +++++++++---
picoCTF/Web Exploitation/Who are you.md | 16 +++++++++-------
3 files changed, 37 insertions(+), 10 deletions(-)
create mode 100644 Cryptohack/RSA/Signatures Part 1.md
diff --git a/Cryptohack/RSA/Signatures Part 1.md b/Cryptohack/RSA/Signatures Part 1.md
new file mode 100644
index 0000000..df15f16
--- /dev/null
+++ b/Cryptohack/RSA/Signatures Part 1.md
@@ -0,0 +1,19 @@
+# Signatures Part 1
+
+## 1. Signing Server
+
+```python
+from pwn import *
+import json
+
+conn = remote("socket.cryptohack.org", 13374)
+conn.recvline()
+
+conn.sendline(json.dumps({"option": "get_secret"}).encode())
+c = json.loads(conn.recvline().decode())["secret"]
+conn.sendline(json.dumps({"option": "sign", "msg": str(c)}).encode())
+
+signature = json.loads(conn.recvline().decode())["signature"][2:]
+m = bytes.fromhex(signature)
+print(m)
+```
diff --git a/generate_readme.py b/generate_readme.py
index 181ed2a..28c3dc7 100644
--- a/generate_readme.py
+++ b/generate_readme.py
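Review bot: `bytes.fromhex(signature)` at the end of the new script in `Signatures Part 1.md` raises ValueError whenever the returned hex string has an odd number of digits, which can happen if the server prints the value without zero-padding (the `[2:]` slice suggests a `0x`-prefixed string, though the server code is not shown here). Parsing it as an integer avoids that: `n = int(json.loads(conn.recvline().decode())["signature"], 16)` followed by `m = n.to_bytes((n.bit_length() + 7) // 8, "big")`. The write-up also never says why signing the secret returns the message; a single sentence such as `The sign option applies the private exponent to raw input, so it also decrypts anything encrypted under the same key.` would state the lesson, assuming that is how the challenge server behaves. From there the defensive takeaway is short: hash and pad before signing, and do not reuse one key pair for signing and decryption.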
@@ -39,19 +39,25 @@ def generate_readme(): - [xss-game](https://xss-game.appspot.com/) for XSS - [CTFTime](https://ctftime.org/) for Upcoming CTFs -## Resources & Tools +## Concepts - [CTF Handbook](https://ctf101.org/) - [Intro to PWN](https://lnwatson.co.uk/posts/pwn-challenges/) - [Intro to Forensics](https://infosecwriteups.com/beginners-ctf-guide-finding-hidden-data-in-images-e3be9e34ae0d) -- [Wireshark: TLS Decryption](https://wiki.wireshark.org/TLS) - [RSA Attacks](https://www.ams.org/notices/199902/boneh.pdf) -- [Burp Suite docs](https://portswigger.net/burp/documentation) - [XSS Cheat Sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet) - [Prototype Pollution](https://portswigger.net/web-security/prototype-pollution) + +## Tools +- [Wireshark: TLS Decryption](https://wiki.wireshark.org/TLS) +- [curl Cheatsheet](https://devhints.io/curl) +- [nc Cheatsheet](https://quickref.me/nc) +- [nmap Cheatsheet](https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/) +- [BurpSuite docs](https://portswigger.net/burp/documentation) - [Online decryption and decoding](https://cryptii.com/) - [Online decompiler](https://dogbolt.org/) + [Other Useful Links](https://medium.com/technology-hits/capture-the-flag-ctf-resources-for-beginners-9394ee2ea07a#2e91) """ readme_content += resources_section diff --git a/picoCTF/Web Exploitation/Who are you.md b/picoCTF/Web Exploitation/Who are you.md index 660afb6..b1c540e 100644 --- a/picoCTF/Web Exploitation/Who are you.md +++ b/picoCTF/Web Exploitation/Who are you.md 
@@ -6,10 +6,11 @@ Only people who use the official PicoBrowser are allowed on this site! ``` -So, the **User-Agent** header should include [PicoBrowser](https://developer.picoxr.com/document/web/development-platform/): +**User-Agent** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" http://mercury.picoctf.net:52362/ +curl -A "PicoBrowser" http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" http://mercury.picoctf.net:52362/ ``` ```text @@ -19,7 +20,8 @@ I don't trust users visiting from another site. **Referer** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" -H "Referer:http://mercury.picoctf.net:52362" http://mercury.picoctf.net:52362/ +curl -A "PicoBrowser" http://mercury.picoctf.net:52362/ -e http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" -H "Referer:http://mercury.picoctf.net:52362" http://mercury.picoctf.net:52362/ ``` ```text @@ -29,7 +31,7 @@ Sorry, this site only worked in 2018. **Date** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" http://mercury.picoctf.net:52362/ ``` ```text @@ -39,7 +41,7 @@ I don't trust users who can be tracked. **DNT (Do Not Track)** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" http://mercury.picoctf.net:52362/ ``` ```text 
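Review bot: The two commands added under **Referer** are shown as interchangeable but send different values: the `-e` form sends `http://mercury.picoctf.net:52362/` while the `-H` form sends `http://mercury.picoctf.net:52362` with no trailing slash, so a reader cannot tell which spelling the server requires. Either make them match, e.g. `-H "Referer: http://mercury.picoctf.net:52362/"`, or state that they are alternatives and only one needs to be run; the same applies to the `-A`/`-H` pair added in the User-Agent hunk. That hunk also removes the only sentence explaining what the server checks. A one-line replacement such as `Every check in this challenge reads a request header that the client sets itself, which is why none of them works as an access control.` would keep the takeaway for readers.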
@@ -49,7 +51,7 @@ This website is only for people from Sweden. using random IP addr (example by Google) from Sweden **X-Forwarded-For** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" -H "X-Forwarded-For: 151.237.181.2" http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" -H "X-Forwarded-For: 151.237.181.2" http://mercury.picoctf.net:52362/ ``` ```text @@ -59,5 +61,5 @@ You're in Sweden but you don't speak Swedish? **Accept-Language** header: ```shell -curl -H "User-Agent: PicoBrowser/3.3.36" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" -H "X-Forwarded-For: 151.237.181.2" -H "Accept-Language:sv-SE" http://mercury.picoctf.net:52362/ +curl -H "User-Agent: PicoBrowser" -H "Referer:http://mercury.picoctf.net:52362" -H "Date: 2018" -H "DNT: 1" -H "X-Forwarded-For: 151.237.181.2" -H "Accept-Language:sv-SE" http://mercury.picoctf.net:52362/ ```