Martin Bajanik bayotop

## utf8_fallback.cs
string secret = "\ud8ab";
string secret2 = "\ud8cd";

if (!secret.Equals(secret2))
{
    Console.Out.WriteLine("The strings are not equal.");
}

computeSignature(secret, "timestamp", "payload");  // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57
computeSignature(secret2, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57

## CheckUsages.ps1
param(
    [Parameter(Mandatory=$true)]
    [string] $Path,
    [Parameter(Mandatory=$true)]
    [string] $Wordlist,
    [array]  $Exclude = @("*.jpg","*.png","*.dll","*.exe","*.so","*.o"),
    [string] $OutputFile = "usages.csv"
)

function Prepare-OutputFile($OutputFile) {

## CSP.html
<!DOCTYPE html>
<head>
<title>CSP strict-dynamic + preload link in Chrome</title>
  <meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" />
</head>
<body>
<script nonce="123">
  var f = document.createElement("link");
  f.rel = "preload"; // prefetch works perfectly fine
  f.href = "/foo.js"

## h1ctf.py
import sys
import binascii

data = bytearray.fromhex("7b0a20a0226576e56e7422ba202270e1737377ef72645fe368616ee765222c8a202022f5736572ee616d65a23a2022e2636f6cec696e22ac0a2020a26f6c64df706173f3776f72e4223a20a23a5c78c3375c78c6345c6edc784146a9293743dc783135dc784430dc784633dc784445e9553b22ac0a2020a26e6577df706173f3776f72e4223a20a2395c78c6415c78b9395c78c3415c78c5445c78c6325853c75c7844c42d5c78c3325c78b8457a48eb222c0aa0202274e96d6573f4616d70a23a2031b5303138b5383836b03030308a7d0a")
corrected = bytearray()

# Print original data given
for n in data:
    sys.stdout.write(chr(n))

## MS17-016.py
import requests
from requests import ConnectionError
import sys

requesttemplate = "http://%s/";
payload = "uncpath/<img src=x onerror=alert();>:"
check = { "Microsoft", "ASP.NET", "IIS" }
confirm = { "500.19", "<img src=x onerror=alert();>:" }

if __name__ == "__main__":
	string secret = "\ud8ab";
	string secret2 = "\ud8cd";

	if (!secret.Equals(secret2))
	{
	Console.Out.WriteLine("The strings are not equal.");
	}

	computeSignature(secret, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57
	computeSignature(secret2, "timestamp", "payload"); // returns 1eba7aac5f10ee7aa985722256aa4125e8e59fe256386c8ab10295063d986e57
	param(
	[Parameter(Mandatory=$true)]
	[string] $Path,
	[Parameter(Mandatory=$true)]
	[string] $Wordlist,
	[array] $Exclude = @(".jpg",".png",".dll",".exe",".so",".o"),
	[string] $OutputFile = "usages.csv"
	)

	function Prepare-OutputFile($OutputFile) {
	<!DOCTYPE html>
	<head>
	<title>CSP strict-dynamic + preload link in Chrome</title>
	<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-123' 'strict-dynamic'" />
	</head>
	<body>
	<script nonce="123">
	var f = document.createElement("link");
	f.rel = "preload"; // prefetch works perfectly fine
	f.href = "/foo.js"
	import sys
	import binascii

	data = bytearray.fromhex("7b0a20a0226576e56e7422ba202270e1737377ef72645fe368616ee765222c8a202022f5736572ee616d65a23a2022e2636f6cec696e22ac0a2020a26f6c64df706173f3776f72e4223a20a23a5c78c3375c78c6345c6edc784146a9293743dc783135dc784430dc784633dc784445e9553b22ac0a2020a26e6577df706173f3776f72e4223a20a2395c78c6415c78b9395c78c3415c78c5445c78c6325853c75c7844c42d5c78c3325c78b8457a48eb222c0aa0202274e96d6573f4616d70a23a2031b5303138b5383836b03030308a7d0a")
	corrected = bytearray()

	# Print original data given
	for n in data:
	sys.stdout.write(chr(n))
	import requests
	from requests import ConnectionError
	import sys

	requesttemplate = "http://%s/";
	payload = "uncpath/<img src=x onerror=alert();>:"
	check = { "Microsoft", "ASP.NET", "IIS" }
	confirm = { "500.19", "<img src=x onerror=alert();>:" }

	if __name__ == "__main__":