LongCat pich4ya

@pich4ya
pich4ya / rust_cross-compile_guide.txt
Last active March 6, 2023 07:00
rust cross-compile for Windows (x86_64) and Linux (x86_64) on M1/M2
# @author Pichaya Morimoto ([email protected])
# The note at https://gist.github.com/shqld/256e2c4f4b97957fb0ec250cdc6dc463 is incomplete.
brew uninstall rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add x86_64-pc-windows-gnu
rustup target add x86_64-unknown-linux-gnu
rustup target list |grep installed
### Build Windows x86_64
@pich4ya
pich4ya / proxychains-ng_m1.txt
Created March 6, 2023 03:25
Install proxychains-ng on macOS m1/m2 arm64e natively without Rosetta 2 (2023)
# @author Pichaya Morimoto ([email protected])
Problem:
```bash
brew install proxychains-ng
proxychains4 ncat 1.2.3.4 # not working
```
There are public workarounds like https://benobi.one/posts/running_brew_on_m1_for_x86/
@pich4ya
pich4ya / openssl3_no_md4.txt
Last active May 7, 2024 02:53
Fix evil-winrm error on macOS M1: "Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error"
# @author Pichaya Morimoto ([email protected])
# gem install evil-winrm
# evil-winrm -u "${user}" -p "${pass}" -i "${ip}"
Evil-WinRM shell v3.4
Info: Establishing connection to remote endpoint
Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error
@pich4ya
pich4ya / report.java
Created December 3, 2022 05:34
OS Command Injection Vulnerability in Java Spring
@RestController
public class ReportController {
    @PostMapping("/report")
    public ResponseEntity<String> generateReport(@RequestParam String report_name) {
        String cmd = "bash -c \"generate_report.sh " + report_name + "\"";
        try {
            Process proc = Runtime.getRuntime().exec(cmd);
            int exitValue = proc.waitFor();
            if (exitValue == 0) {
@pich4ya
pich4ya / ctfd_330_exploit.txt
Last active November 25, 2022 16:05
CTFd <= 3.3.0 Exploit: Join CTF teams without knowing the team password or having a team invite
@author Pichaya Morimoto ([email protected])
Vulnerability: Broken Access Control/Mass Assignment Vulnerability in CTFd <= 3.3.0
CVE: n/a
Impact:
- Join CTF teams without knowing the team password or having a team invite
- Can switch to another team, and switch back to the old team
Attack Scenario:
@pich4ya
pich4ya / fix_brew_xcode_ventura.txt
Created October 29, 2022 01:22
Fix brew with Xcode's Command Line Tools (CLT) errors on macOS 13.0 Ventura
# @author Pichaya Morimoto
# Problem 1
$ brew upgrade
Error: Your Xcode (14.0.1) is too outdated.
Please update to Xcode 14.1 (or delete it).
Xcode can be updated from the App Store.
Error: Your Command Line Tools (CLT) does not support macOS 13.
It is either outdated or was modified.
@pich4ya
pich4ya / intigrity_may22_xss_chall.txt
Last active June 5, 2022 09:18
Intigriti May '22 XSS Challenge - Prototype Pollution Writeup
@author Pichaya (LongCat) Morimoto ([email protected])
Challenge: https://challenge-0522.intigriti.io/challenge/challenge.html
The goal is to achieve XSS despite the following protections:
(1) User input is never rendered directly; only an index (a number) is accepted, which is then used to look up the HTML content to display
(2) The HTML content that is looked up (static and fixed) is additionally sanitized by the filterXSS() function from a library named xss-js
Tech Stack:
@pich4ya
pich4ya / install_medusa_macos.txt
Last active June 1, 2022 21:02
Medusa installation on MacOS 12.4
I got this error during `make` for Medusa installation on MacOS 12.4
```bash
git clone https://github.com/jmk-foofus/medusa
cd medusa
./configure
make && make install
[..]
medusa-net.c:349:28: error: implicit declaration of function 'TLS_client_method' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
sslContext = SSL_CTX_new(TLS_client_method());
@pich4ya
pich4ya / Spiky_Tamagotchy_Writeup.md
Last active August 6, 2022 06:20
HackTheBox Cyber Apocalypse 2022 Intergalactic Chase - Spiky Tamagotchy Writeup

info

Captain Spiky comes from a rare species of creatures who can only breathe underwater. During the energy-crisis war, he was captured as a war prisoner and later forced to be a Tamagotchi pet for a child of a general of nomadic tribes. He is forced to react in specific ways and controlled remotely purely for the amusement of the general's children. The Paraman crew needs to save the captain of his misery as he is potentially a great asset for the war against Draeger. Can you hack into the Tamagotchi controller to rescue the captain?

techstack

  • node.js
  • express.js
  • mysql
  • alpine docker
@pich4ya
pich4ya / Genesis_Wallet_Writeup.txt
Created May 19, 2022 13:27
HackTheBox Cyber Apocalypse 2022 Intergalactic Chase - Genesis Wallet Writeup
# author Pichaya Morimoto ([email protected])
Unintended solution.
You create 2 users. Then, transfer an amount of -9999 from one account to another.
POST /api/transactions/create HTTP/1.1
[...]
Content-Length: 84