bayo bayotop
bayotop
/ utf8_fallback.cs
Created
August 22, 2017 07:15
Unsafe default behavior of Encoding.UTF8.GetBytes()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| string secret = "\ud8ab"; | |
| string secret2 = "\ud8cd"; | |
| if (!secret.Equals(secret2)) | |
| { | |
| Console.Out.WriteLine("The strings are not equal."); | |
| } | |
| computeSignature(secret, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57 | |
| computeSignature(secret2, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory=$true)] | |
| [string] $Path, | |
| [Parameter(Mandatory=$true)] | |
| [string] $Wordlist, | |
| [array] $Exclude = @("*.jpg","*.png","*.dll","*.exe","*.so","*.o"), | |
| [string] $OutputFile = "usages.csv" | |
| ) | |
| function Prepare-OutputFile($OutputFile) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <head> | |
| <title>CSP strict-dynamic + preload link in Chrome</title> | |
| <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" /> | |
| </head> | |
| <body> | |
| <script nonce="123"> | |
| var f = document.createElement("link"); | |
| f.rel = "preload"; // prefetch works perfectly fine | |
| f.href = "/foo.js" |
bayotop
/ h1ctf.py
Last active
April 17, 2019 04:52
Capture The Flag: reversing the password (https://docs.google.com/document/d/1sz2-n-IiqPGDm6b6NF8ajYogTbirOddNm45Uvj3eBq8/edit) - POC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import binascii | |
| data = bytearray.fromhex("7b0a20a0226576e56e7422ba202270e1737377ef72645fe368616ee765222c8a202022f5736572ee616d65a23a2022e2636f6cec696e22ac0a2020a26f6c64df706173f3776f72e4223a20a23a5c78c3375c78c6345c6edc784146a9293743dc783135dc784430dc784633dc784445e9553b22ac0a2020a26e6577df706173f3776f72e4223a20a2395c78c6415c78b9395c78c3415c78c5445c78c6325853c75c7844c42d5c78c3325c78b8457a48eb222c0aa0202274e96d6573f4616d70a23a2031b5303138b5383836b03030308a7d0a") | |
| corrected = bytearray() | |
| # Print original data given | |
| for n in data: | |
| sys.stdout.write(chr(n)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from requests import ConnectionError | |
| import sys | |
| requesttemplate = "http://%s/"; | |
| payload = "uncpath/<img src=x onerror=alert();>:" | |
| check = { "Microsoft", "ASP.NET", "IIS" } | |
| confirm = { "500.19", "<img src=x onerror=alert();>:" } | |
| if __name__ == "__main__": |
NewerOlder