Skip to content

Instantly share code, notes, and snippets.

View c0nrad's full-sized avatar

Stuart Larsen c0nrad

View GitHub Profile
isaacs /
Last active June 18, 2024 18:27
Use one of these techniques to install node and npm without having to sudo. Discussed in more detail at Note: npm >=0.3 is *safer* when using sudo.
echo 'export PATH=$HOME/local/bin:$PATH' >> ~/.bashrc
. ~/.bashrc
mkdir ~/local
mkdir ~/node-latest-install
cd ~/node-latest-install
curl | tar xz --strip-components=1
./configure --prefix=~/local
make install # ok, fine, this step probably takes more than 30 seconds...
curl | sh
loknop /
Created December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

rmmh / gist:8515577
Created January 20, 2014 05:53
MSP430 Alphanumeric Instructions
a:61 z:7a A:41 Z:5a 0:30 9:39
MSP430 alphanumeric shellcode is hard. There's no way to write to memory,
no word-sized reg-reg operations, and all we have is add/sub/mov and a few conditional jumps.
dstroot /
Created March 25, 2012 17:38
Install MongoDB on Amazon EC2
echo "*****************************************"
echo " Add the 10gen repository - after you press"
echo " enter add the following lines and then"
echo " cntl-X to save:"
echo " [10gen]"
echo " name=10gen Repository"
echo " baseurl="
echo " gpgcheck=0"
echo "*****************************************"