seifallahhomrani1
/ main.go
Created
August 22, 2024 10:42
Extracting and Encoding Grafana Database Credentials for Cracking
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "database/sql" | |
| "encoding/hex" | |
| b64 "encoding/base64" | |
| "fmt" | |
| "log" | |
| "os" |
seifallahhomrani1
/ exploit.py
Last active
August 6, 2022 15:12
Kenzy Web Challenge from Arab Security Cyber Wargames Championships 2022
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import base64 | |
| import string | |
| addr = "http://34.175.249.72:60001" | |
| flag = "" | |
| for l in range(1,50): | |
| for c in string.printable[:-6]: | |
| #final payload to extract the flag | |
| # /**/ to bypass ' ' filter |
seifallahhomrani1
/ file_upload.py
Last active
June 3, 2022 07:53
Cyber Security Challenge Germany 2022 Qualifiers - File-Upload Challenge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| base_url = "https://6a4f4da9a8be425de24e8228-file-upload.challenge.master.cscg.live:31337" | |
| register_url = f"{base_url}/register.php" | |
| login_url = f"{base_url}/login.php" | |
| upload_url = f"{base_url}/upload.php" | |
| dir_url = f"{base_url}/uploads/" |
seifallahhomrani1
/ file_upload.py
Last active
June 2, 2022 22:04
Cyber Security Challenge Germany 2022 Qualifiers - File-Upload Challenge
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| base_url = "https://365781ddbe0e9e54d0821126-file-upload.challenge.master.cscg.live:31337" | |
| register_url = f"{base_url}/register.php" | |
| login_url = f"{base_url}/login.php" | |
| upload_url = f"{base_url}/upload.php" | |
| dir_url = f"{base_url}/uploads/" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import jwt | |
| import base64 | |
| import json | |
| def extract_pub_key(session_cookie): | |
| return base64.b64decode(json.loads(base64.b64decode((session_cookie.cookies.get_dict()['session'].split('.'))[1] + '=='))['pub']) | |
| ip = "http://127.0.0.1" #change it |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # basic 'find file' commands | |
| # -------------------------- | |
| find / -name foo.txt -type f -print # full command | |
| find / -name foo.txt -type f # -print isn't necessary | |
| find / -name foo.txt # don't have to specify "type==file" | |
| find . -name foo.txt # search under the current dir | |
| find . -name "foo.*" # wildcard | |
| find . -name "*.txt" # wildcard | |
| find /users/al -name Cookbook -type d # search '/users/al' |