Skip to content

Instantly share code, notes, and snippets.

View pFransozi's full-sized avatar
🎯
Focusing

Philipe Fransozi pFransozi

🎯
Focusing
3 followers · 17 following
View GitHub Profile
@terjanq
terjanq / HTPL-solution.html
Last active November 6, 2022 22:11
Hack.lu 2022 CTF solutions
<!--
This was a sandboxing challenge where the JS language is presenteded in the form of exotic, made-up language.
It's almost properly sandboxed but there is one bug that players needed to find.
The bug I found was to construct HTML comment (<!--) that is understood by JS and which makes it possible to ignore one semicolon
and then to concat array expression with variable name, like $var$['eval']. To get reference to eval we used DOM clobbering
and defined <iframe name=$win$>
-->
<iframe name=$win$></iframe>
<x-program>
@leommoore
leommoore / file_magic_numbers.md
Last active April 21, 2025 11:51
File Magic Numbers

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files