mnixry
/ shell_client.c
Last active
November 8, 2023 15:48
Reverse shell with TTY and RC4 obfuscated traffic.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <pty.h> | |
| #include <time.h> | |
| #include <arpa/inet.h> | |
| #include <signal.h> | |
| #include <sys/select.h> | |
| #include <sys/wait.h> |
mnixry
/ hashcash_pow.py
Created
October 30, 2023 06:56
Pure Python implementation for HashCash proof-of work, friendly for CTF.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from typing import Optional | |
| import re | |
| from pwn import * | |
| def mint( | |
| resource: str, | |
| bits: int = 20, | |
| now: Optional[float] = None, | |
| ext: str = "", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class BaseN | |
| { | |
| protected $charset; | |
| protected $reverseCharset; | |
| public function __construct(array $charset) | |
| { | |
| $this->charset = $charset; |
mnixry
/ weather.html
Last active
August 25, 2023 06:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <head> | |
| <meta charset="UTF-8" /> | |
| <title>Document</title> | |
| </head> | |
| <body> | |
| <div id="app" class="container"> | |
| <div class="info"> | |
| <svg | |
| xmlns="http://www.w3.org/2000/svg" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from functools import cached_property | |
| from timeit import timeit | |
| class BaseN: | |
| def __init__(self, charset: str) -> None: | |
| self.charset = charset | |
| self.reverse_charset = {c: i for i, c in enumerate(charset)} | |
| assert len(self.charset) == len(self.reverse_charset), "charset must be unique" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import random | |
| import sys | |
| from typing import Optional | |
| from websockets.legacy.client import WebSocketClientProtocol | |
| from websockets.legacy.client import connect as websockets_connect | |
| BUFFER_SIZE = 1024 |
mnixry
/ python_prototype_pollution.py
Created
July 22, 2023 05:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import uuid | |
| from flask import Flask, request, session | |
| from secret import black_list | |
| import json | |
| app = Flask(__name__) | |
| app.secret_key = str(uuid.uuid4()) | |
| def check(data): |
mnixry
/ directory_dump_from_entryjs.py
Created
April 22, 2023 15:02
DASCTF 2023, dump leaked directory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import re | |
| from pathlib import Path | |
| from urllib.parse import urljoin, urlparse | |
| from anyio import open_file | |
| from httpx import AsyncClient | |
| from loguru import logger | |
| MATCH_QUOTES = re.compile(r'["\'](.*?)["\']') |
mnixry
/ one_line_base16384.py
Last active
March 30, 2023 21:34
Implentment https://github.com/fumiama/base16384 in Python by only one line
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| encoding, decoding = ( | |
| lambda input_bytes: ( | |
| "".join( | |
| chr(0x4E00 + sum(1 << i for i, bit in enumerate(reversed(row)) if bit)) | |
| for row in ( | |
| lambda x, length: ( | |
| tuple(next(it, None) for it in x) for _ in range(length) | |
| ) | |
| )( | |
| [((char >> i) & 1 for char in input_bytes for i in reversed(range(8)))] |
mnixry
/ decrypt_tim_database.py
Created
March 21, 2023 17:16
Decrypt all TEXT and BLOB fields in MobileQQ/TIM database and update records in-place.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import itertools | |
| import sqlite3 | |
| import sys | |
| import rich | |
| import rich.progress | |
| def decrypt_blob(data: bytes, byte_key: bytes) -> bytes: | |
| key_iterator = itertools.cycle(byte_key) |