$ sudo touch /tellinq/home/tellinq.sh$ sudo locate tellinq$ sudo killall -9 -I tellinq
Z1xus
/ remove_june.sh
Created
November 20, 2023 20:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| read -p "Are you sure you want to continue? (y/N) " -n 1 -r | |
| echo | |
| if [[ $REPLY =~ ^[Yy]$ ]]; then | |
| echo "Removing 'june'..." | |
| find / \( -path /proc -o -path /sys -o -path /dev -o -path /run -o -path /var/run -o -path /tmp -o -path /snap -o -path /var/lib/snapd \) -prune -o -type f -name 'june' -exec rm -f {} + |
Z1xus
/ discord_reaction_analysis.md
Created
November 30, 2024 19:26
This paper examines a race condition in Discord's super reaction system that occurs when rapidly placing multiple super reactions through the API. When exploited, this condition causes all reactions to share the same animation state and creates unintended client behavior.
Discord's super reaction system was introduced as a premium feature allowing users to place animated "burst" reactions. The implementation uses a combination of REST API calls and client-side animation state management. This research explores how rapid concurrent API requests can exploit weaknesses in this system.
Z1xus
/ psyr3n's PIDXploit (solution).md
Created
October 29, 2025 22:40
this is my old solution back from the end of 2024, i just found that on my drive - so i decided to share. this writeup was never accepted on crackmes.one as the author has likely abandoned the site
replace the condition at 75 ? C7 04 24 ? ? ? ? E8 ? ? ? ? E8 with jn, enter any password to get "access granted" message.
if we look into generate_password function we can see that it calls getpid function at E8 ? ? ? ? 89 45 ? 8B 45 ? 89 44 24, which returns the pid of the current process