Petit solutionnaire pour le brute force du PIN code.
Selon les spécifications, on peut deviner que le protocole ressemble à ceci:
Kiosque --[VERIFY PIN_CODE]-> Carte Kiosque <-[ Pin Ok? ]-- Carte
Philippe Arteau h3xstream
h3xstream
/ alexandriz_parse_links.py
Created
December 29, 2011 04:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib | |
| import xml.dom.minidom as dom | |
| import sys | |
| import re | |
| #Feeds | |
| url = "http://www.teamalexandriz.org/category/policier/feed/" | |
| #url = "http://www.teamalexandriz.org/category/aventure/feed/" | |
| #url = "http://www.teamalexandriz.org/category/science-fiction/feed/" |
h3xstream
/ defcon.spin
Last active
October 7, 2015 22:08
Playing with Parallax controller - Defcon 2012 badge (Modification of http://pastebin.com/raw.php?i=XVQ4yKkG)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VAR | |
| byte count | |
| byte A[10] | |
| byte B[10] | |
| byte C[10] | |
| byte D[10] | |
| byte E[10] | |
| byte F[10] | |
| byte G[10] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Small script to rename image in folder to 'folder.jpg' to comply with XBMC default filename for music album. | |
| Usage : | |
| python folder.py /home/h3xstream/Music/ | |
| """ | |
| import os | |
| import sys |
h3xstream
/ 0-solution.md
Last active
May 14, 2019 18:47
NorthSec 2013: Smart Card Track - Brute force du PIN code
h3xstream
/ groupes-montreal.md
Last active
December 19, 2015 03:58
Liste de groupes utilisateurs à Montréal
#Groupes utilisateurs à Montréal
##Programmation
Montreal Python: http://montrealpython.org/
PHP Québec: http://www.phpquebec.org/
Montreal Java: User Group: http://montreal-jug.eventbrite.com/
h3xstream
/ smartcard.md
Last active
December 24, 2015 16:19
References for JavaCard and SmartCard standards.
##Smart card
Wikipedia - Smart card application protocol data unit : Simple reference for the standard APDU structure
ISO 7816-4 - Coding of SW1 and SW2 : Meaning associate to each return code.
##JavaCard development
Writing a Java Card Applet: Tutorial on Oracle website
h3xstream
/ install.md
Last active
December 25, 2015 06:49
Instructions pour installer des applets sur la carte du NorthSec
Here are the Card Manager Keys used for the cards we gave during the competition, so that you can load/delete applets on the card :
MAC_KEY : 20B2734C890D9F043208810E063B25D6 ENC_KEY : 1A1C5481DDF4A91D5AD25352846EFDF1 KEK_KEY : 065F678AC7C5EB46BC0DEA1ECCF1F03C
Make sure you use -keyver 1 and delete the previous applets as follows :
h3xstream
/ file_watch.groovy
Created
October 16, 2013 22:02
Simple script that monitor a directory and search for a specific keyword. (Java NIO simple test..)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.nio.file.FileSystems | |
| import java.nio.file.Path | |
| import java.nio.file.Paths | |
| import java.nio.file.StandardWatchEventKinds; | |
| import java.nio.file.WatchEvent; | |
| import java.nio.file.WatchKey | |
| import java.nio.file.WatchService; | |
| class FileEvent { | |
| String kind |
h3xstream
/ session_fixation.js
Last active
December 26, 2015 16:09
Session fixation detector (test script for OWASP ZAP)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| importPackage(org.parosproxy.paros.extension.history); //ExtensionHistory | |
| importPackage(org.parosproxy.paros.control); //Control | |
| extHist = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME) | |
| if (extHist == null) { | |
| println("ExtensionHistory not found.") | |
| exit; | |
| } | |
| // Loop through the history table, printing out the history id and the URL |
h3xstream
/ crossdomain.xml
Created
January 25, 2014 00:17
Ebay crossdomain.xml configuration (snapshot January 24)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> | |
| <cross-domain-policy> | |
| <allow-access-from domain="*.ebay.com" secure="false"/> | |
| <allow-access-from domain="*.ebay.au" secure="false"/> | |
| <allow-access-from domain="*.ebay.at" secure="false"/> | |
| <allow-access-from domain="*.ebay.be" secure="false"/> | |
| <allow-access-from domain="*.ebay.ca" secure="false"/> | |
| <allow-access-from domain="*.ebay.com.cn" secure="false"/> | |
| <allow-access-from domain="*.ebay.fr" secure="false"/> |
OlderNewer