Major League Hacking is organising one massive, distributed Hackathon.
Us at @CovHackSoc are running on of the local events, here at Coventry in EC2-12.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| " Vundle | |
| set nocompatible | |
| filetype off | |
| set rtp+=~/.vim/bundle/Vundle.vim | |
| call vundle#begin() | |
| Plugin 'VundleVim/Vundle.vim' | |
| Plugin 'itchyny/lightline.vim' | |
| Plugin 'flazz/vim-colorschemes' | |
| Plugin 'rykka/mathematic.vim' | |
| Plugin 'hari-rangarajan/CCTree' |
- Phrack. The oldest hacker zine still running - http://phrack.org/
- Some notes on exploitation I wrote last year for the society. Missing stuff, but probably a good base: https://gist.github.com/bahorn/0df2d3dc5dbfd36d15a36044456e06f8
- Great article on chaining bugs: http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
- https://cturt.github.io/compat-info-leaks.html
- http://phrack.org/issues/64/15.html
- RFP's article where he introduced SQL injections: http://phrack.org/issues/54/8.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| from jinja2 import Template | |
| def renderTemplate(template, context): | |
| t = Template(template) | |
| return t.render(context) | |
| if __name__ == "__main__": | |
| context = {} | |
| template = open(sys.argv[1],'r').read() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IMAGE=<IMAGE_HERE> | |
| CONTAINERNAME=<NAME_HERE> | |
| XSOCK=/tmp/.X11-unix | |
| XAUTH=/tmp/.docker.xauth | |
| xauth nlist :0 | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge - | |
| docker run -dt \ | |
| --name $CONTAINERNAME \ | |
| -p 4444:4444 \ | |
| -v $XSOCK:$XSOCK \ |
Links, tools and documents I think are interesting for level level development.
bahorn
/ facebook_auth.py
Last active
February 8, 2018 16:27
Hacked up Flask server to login to authorise as a facebook user.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import json | |
| import binascii | |
| import requests | |
| from flask import Flask, request | |
| app = Flask(__name__) | |
| # Web app to get use a user token from Facebook | |
| app_id = "<BLANKED>" | |
| app_secret = "<BLANKED>" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import hashlib | |
| import time | |
| import uuid | |
| import os | |
| import copy | |
| import json | |
| # Fixed up version of my previous code to work with the Cloud endpoints. | |
| # Hopefully this works. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import hashlib | |
| import time | |
| import uuid | |
| import os | |
| import copy | |
| import json | |
| # This is based on my personal implementation but stripped down to only what is | |
| # needed to verify it. |