This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Solution for TAMUctf 2017 : pwn200-pwn3 | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| # A big thx to liveoverflow 4 this padding tip, https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w | |
| import struct | |
| # 0x80485ab = print_flag | |
| # 0x804a01c = exit@plt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Solution for TAMUctf 2017 : pwn200-pwn4 | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| from pwn import * | |
| r = remote('web.ctf.tamu.edu', 4324) | |
| elf = ELF('./pwn4') | |
| payload = "A"*16 |
intrd
/ tamuCTF_web100-super_secure_pin.py
Last active
April 26, 2017 14:40
Solution for tamuCTF 2017 - web100-super_secure_pin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Nozzlr template : HTTP POST bruteforcer (Solution for tamuCTF 2017 - web100-super_secure_pin) | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| # generate pins wordlist using crunch: crunch 4 4 0123456789 -o pins.txt | |
| # then.. run this template on nozzlr: nozzlr http_bruteforce.py pins.txt 20 | |
| import urllib, shutil, json | |
| import requests |
intrd
/ picoctf2k17_level2-xpl75-shells.py
Last active
May 16, 2018 19:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Solution to level2-xpl75-shells @ PicoCTF 2017 | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| # int_netcat.py - https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a | |
| import sys, socket, struct | |
| sys.path.append("../../LIBS/") | |
| from int_netcat import Netcat |
intrd
/ nozzlr-shx-rev200.py
Last active
March 16, 2017 20:10
Nozzlr module : ARGV2 - hash commandline bruteforce (solution to shx5-rev200-lil_arm)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Nozzlr module : ARGV - hash commandline bruteforce (solution to shx5-rev200-lil_arm) | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| from subprocess import Popen, PIPE, STDOUT | |
| def nozz_module(payload, self=False, founds=False): | |
| payloads=':'.join(str(v) for v in payload.values()) | |
| foundslen=len(founds) | |
| flag_header="shellter{"+founds |
intrd
/ nozzlr-shx-rev400.py
Last active
March 16, 2017 20:09
Nozzlr module : solving shx5-rev400 challenge @ shellterlabs.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Nozzlr module : ARGV - pipe to commandline args (letter by letter) (solving shx5-rev200 challenge @ shellterlabs.com) | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| from subprocess import Popen, PIPE, STDOUT | |
| def nozz_module(payload, self=False, founds=False): | |
| payloads=':'.join(str(v) for v in payload.values()) | |
| print founds | |
| foundslen=len(founds) |
intrd
/ rev400-again-keygen.py
Last active
March 16, 2017 14:34
Keygen solution to SHX5 - rev400-again
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ## Keygen solution to SHX5 - rev400-again | |
| # A big thanks to r00tc0d3r 4 help w/ this solution! | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| magic = [0xD1, 0x93, 0x30, 0x43, 0x7F, 0x29, 0x38, 0x36, 0x1D, 0x2B, 0x6F, 0x5E, 0x31, 0x0D, 0x61, 0x65, 0x65, 0x41, 0x21, 0x60, 0x12] | |
| xor_key = magic[0] | |
| str="" | |
| for i in range(1, 21): |
intrd
/ int_httpbruteforcer.py
Last active
March 8, 2017 18:38
intrd's multithread HTTP bruteforcer v1.1 (PoC bruteforcing pastd.com)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This tool is deprecated, please use https://github.com/intrd/nozzlr | |
| #!/usr/bin/env python | |
| ## intrd's multithread HTTP bruteforcer v1.1 (PoC bruteforcing pastd.com) | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| import sys,Queue,threading,hashlib,os,socket,time | |
| from subprocess import Popen, PIPE, STDOUT | |
| import urllib, shutil, json |
intrd
/ int_wordlistcombinator.py
Last active
March 5, 2017 21:45
intrd's worldist permutator v1.0 (permute two wordlists based on a given rule)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## intrd's worldist permutator v1.0 (combine & permute two wordlists based on a given rule) | |
| # @author intrd - http://dann.com.br/ | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| import itertools | |
| wordlist=open('wordlist.txt') | |
| words = wordlist.read().split('\n') | |
| #print words |
intrd
/ jio-geo.py
Created
March 4, 2017 21:14
Solution to Nullcon HackIM 2017 - prog300-jio-geo_challenge (hit the server from 40 different countries)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| ## Solution to Nullcon HackIM 2017 - prog300-jio-geo_challenge (hit the server from 40 different countries) | |
| # @author intrd - http://dann.com.br/ (based on https://www.phillips321.co.uk/2013/08/31/multi-threading-python-a-quick-example/) | |
| # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/ | |
| import re, sys, time, os | |
| sys.path.append("../../LIBS/") | |
| from int_netcat import Netcat | |
| import socket |