Skip to content

Instantly share code, notes, and snippets.

View BZHugs's full-sized avatar

JOUET Romain BZHugs

54 followers · 25 following
View GitHub Profile
@BZHugs
BZHugs / kim_solve.py
Created December 29, 2017 21:34
import hashpumpy
import requests
import urllib2
'''
Hash length extension attack
http://35.198.133.163:1337/files/952bb2a215b032abe27d24296be099dc3334755c/?f=sample.gif -> HTTP 200
952bb2a215b032abe27d24296be099dc3334755c = sample.gif
@BZHugs
BZHugs / nohtyp1.py
Created January 1, 2018 21:25
alphabet = [chr(n) for n in range(48,58)] + [chr(n) for n in range(65,91)] + [chr(n) for n in range(97,123)] + [chr(95)]
verif = [160,155,208,160,190,215,237,134,210,126,212,222,224,238,128,240,164,213,183,192,162,178,163,162]
def crypt(a,b):
return a + (b ^ 21)
flaglength = len(verif) #24
start = "34C3_mo4r_"
@BZHugs
BZHugs / soupstitution.py
Created February 21, 2018 13:28
Solution for soupstitution Cipher EasyCTF 2018
#!/usr/bin/env python3
# coding: utf8
alpha = [chr(i) for i in range(999999) if chr(i).isdigit()][::-1]
def fcn2(txt):
a = 0
for c in txt:
a *= 10
a += ord(c) - ord('0')
@BZHugs
BZHugs / README.md
Last active June 12, 2018 13:55
Example of code optimisation (remove libc) 
root@laptop [02:00:10] [~/Documents/pentest/cours] 
-> # ls -alh opti printf-libc
-rwxr-xr-x 1 root root 1,5K juin  12 14:00 opti
-rwxr-xr-x 1 root root 726K juin  12 14:00 printf-libc

root@laptop [02:00:26] [~/Documents/pentest/cours] 
-> # ./opti arg1 arg2 arg3    
./opti
arg1
@BZHugs
BZHugs / WIRED_CSV.md
Last active September 21, 2018 12:54
  • 0 : noir: p23 (~K0) Keyboard Scan Output
  • 1 : marron: p22 (~K1) Keyboard Scan Output
  • 2 : rouge: p21 (~K2) Keyboard Scan Output
  • 3 : orange: p20 (K3) Keyboard Scan Output
  • 4 : jaune: p19 (K4) Keyboard Scan Output
  • 5 : vert: p18 (~K5) Keyboard Scan Output
  • 6 : bleu: p25 (~KR1) Keyboard Row strobe Input
  • 7 : violet : p16 (~KR2) Keyboard Row strobe Input

https://en.wikipedia.org/wiki/POKEY#Pinout

@BZHugs
BZHugs / iot.md
Last active June 11, 2023 11:01

STM32MP1_sdk

change Docker IPs pool

sudo nano /etc/docker/daemon.json

{
  "default-address-pools":
  [
@BZHugs
BZHugs / stage3.py
Last active June 14, 2019 17:08
Rich 3
# coding: utf8
'''
ssh defi3.challengecybersec.fr -l defi3 -p 2222
mot de passe : DGSE{?uo20tPO4(o=A=dX3njr2y{emZQodR}
'''
from pwn import *
import struct
@BZHugs
BZHugs / from_phenol_with_fail.py
Last active July 23, 2020 12:38
from_phenol_with_fail :)
from pwn import *
context.arch = 'x86'
context.bits = 32
context.endian = 'little'
context.os = 'linux'
context.log_level = 'warning'
dbg = False
@BZHugs
BZHugs / pkexec.c
Created January 26, 2022 11:02 — forked from darrenmartyn/pkexec.c
/*
* For original see haxx.in/files/blasty-vs-pkexec.c
*
* this version is just using some awful hack to
* avoid having to call gcc on the target box.
* this versions fragile - must be named payload.so
* might add better detection later, whatever.
* all credit to bl4sty for the actual exploit,
* I just made some changes for my usecase.
* you will have to change the interp for diff
@BZHugs
BZHugs / iphone.md
Created February 17, 2022 09:58
hardware name commercial name
iPhone14,5 iPhone 13
iPhone14,4 iPhone 13 mini
iPhone14,3 iPhone 13 Pro Max
iPhone14,3 iPhone 13 Pro
iPhone13,4 iPhone 12 Pro Max
iPhone13,3 iPhone 12 Pro
iPhone13,2 iPhone 12
iPhone13,1 iPhone 12 mini