Skip to content

Instantly share code, notes, and snippets.

View AkshatGiri's full-sized avatar

Akshat Giri AkshatGiri

19 followers · 15 following
View GitHub Profile
@prettydiff
prettydiff / gist:ce40b6509f72a5fadfc6588b76b76ce8
Created September 13, 2021 23:15
websocket decode
unmask = function terminal_commands_websocket_unmask(socket:socketClient, data:Buffer):Uint8Array {
// reference - https://cookie.engineer/weblog/articles/implementers-guide-to-websockets.html
if (socket.fragment === null) {
socket.fragment = {
opcode: 0x00,
payload: Buffer.alloc(0)
};
}
@jaybosamiya
jaybosamiya / IO_Netgarage_Level11.md
Last active October 2, 2019 16:39
IO Netgarage Level11 Solution

IO Netgarage Level 11

Whoo! This was a fun challenge with loads to learn. :)

Understanding the given code

The given code level11.c checks whether the two inputs (as argv[1] and argv[2]) both MD5 hash to the same value or not. If they do, it uses both inputs as brainfuck code, and executes them. Then it checks if the outputs differ. Upon differing outputs, they are checked against the strings "io.sts Rules!" and "io.sts Sucks!". If prog1's output is the first, and prog2's output is the second, we are granted shell.

Understanding the vulnerability