JOUET Romain BZHugs

import hashpumpy
import requests
import urllib2
'''
Hash length extension attack
http://35.198.133.163:1337/files/952bb2a215b032abe27d24296be099dc3334755c/?f=sample.gif -> HTTP 200
952bb2a215b032abe27d24296be099dc3334755c = sample.gif
alphabet = [chr(n) for n in range(48,58)] + [chr(n) for n in range(65,91)] + [chr(n) for n in range(97,123)] + [chr(95)]
verif = [160,155,208,160,190,215,237,134,210,126,212,222,224,238,128,240,164,213,183,192,162,178,163,162]
def crypt(a,b):
    return a + (b ^ 21)
flaglength = len(verif) #24
start = "34C3_mo4r_"
@BZHugs
BZHugs / soupstitution.py
Created February 21, 2018 13:28
Solution for soupstitution Cipher EasyCTF 2018
#!/usr/bin/env python3
# coding: utf8
alpha = [chr(i) for i in range(999999) if chr(i).isdigit()][::-1]
def fcn2(txt):
    a = 0
    for c in txt:
        a *= 10
        a += ord(c) - ord('0')
@BZHugs
BZHugs / README.md
Last active June 12, 2018 13:55
Example of code optimisation (remove libc)
root@laptop [02:00:10] [~/Documents/pentest/cours] 
-> # ls -alh opti printf-libc
-rwxr-xr-x 1 root root 1,5K juin  12 14:00 opti
-rwxr-xr-x 1 root root 726K juin  12 14:00 printf-libc

root@laptop [02:00:26] [~/Documents/pentest/cours] 
-> # ./opti arg1 arg2 arg3    
./opti
arg1
@BZHugs
BZHugs / WIRED_CSV.md
Last active September 21, 2018 12:54
  • 0 : black: p23 (~K0) Keyboard Scan Output
  • 1 : brown: p22 (~K1) Keyboard Scan Output
  • 2 : red: p21 (~K2) Keyboard Scan Output
  • 3 : orange: p20 (K3) Keyboard Scan Output
  • 4 : yellow: p19 (K4) Keyboard Scan Output
  • 5 : green: p18 (~K5) Keyboard Scan Output
  • 6 : blue: p25 (~KR1) Keyboard Row strobe Input
  • 7 : violet: p16 (~KR2) Keyboard Row strobe Input

https://en.wikipedia.org/wiki/POKEY#Pinout

@BZHugs
BZHugs / iot.md
Last active June 11, 2023 11:01

STM32MP1_sdk

change Docker IPs pool

sudo nano /etc/docker/daemon.json

{
  "default-address-pools":
  [
@BZHugs
BZHugs / stage3.py
Last active June 14, 2019 17:08
Rich 3
# coding: utf8
'''
ssh defi3.challengecybersec.fr -l defi3 -p 2222
password: DGSE{?uo20tPO4(o=A=dX3njr2y{emZQodR}
'''
from pwn import *
import struct
@BZHugs
BZHugs / from_phenol_with_fail.py
Last active July 23, 2020 12:38
from_phenol_with_fail :)
from pwn import *
context.arch = 'x86'
context.bits = 32
context.endian = 'little'
context.os = 'linux'
context.log_level = 'warning'
dbg = False
@BZHugs
BZHugs / pkexec.c
Created January 26, 2022 11:02 — forked from darrenmartyn/pkexec.c
/*
* For original see haxx.in/files/blasty-vs-pkexec.c
*
* this version is just using some awful hack to
* avoid having to call gcc on the target box.
* this versions fragile - must be named payload.so
* might add better detection later, whatever.
* all credit to bl4sty for the actual exploit,
* I just made some changes for my usecase.
* you will have to change the interp for diff
hardware name commercial name
iPhone14,5 iPhone 13
iPhone14,4 iPhone 13 mini
iPhone14,3 iPhone 13 Pro Max
iPhone14,3 iPhone 13 Pro
iPhone13,4 iPhone 12 Pro Max
iPhone13,3 iPhone 12 Pro
iPhone13,2 iPhone 12
iPhone13,1 iPhone 12 mini