Skip to content

Instantly share code, notes, and snippets.


Stuart Larsen c0nrad

View GitHub Profile
loknop /
Created Dec 30, 2021
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

isaacs /
Last active Jan 10, 2023
Use one of these techniques to install node and npm without having to sudo. Discussed in more detail at Note: npm >=0.3 is *safer* when using sudo.
echo 'export PATH=$HOME/local/bin:$PATH' >> ~/.bashrc
. ~/.bashrc
mkdir ~/local
mkdir ~/node-latest-install
cd ~/node-latest-install
curl | tar xz --strip-components=1
./configure --prefix=~/local
make install # ok, fine, this step probably takes more than 30 seconds...
curl | sh
rmmh / gist:8515577
Created Jan 20, 2014
MSP430 Alphanumeric Instructions
View gist:8515577
a:61 z:7a A:41 Z:5a 0:30 9:39
MSP430 alphanumeric shellcode is hard. There's no way to write to memory,
no word-sized reg-reg operations, and all we have is add/sub/mov and a few conditional jumps.
dstroot /
Created Mar 25, 2012
Install MongoDB on Amazon EC2
echo "*****************************************"
echo " Add the 10gen repository - after you press"
echo " enter add the following lines and then"
echo " cntl-X to save:"
echo " [10gen]"
echo " name=10gen Repository"
echo " baseurl="
echo " gpgcheck=0"
echo "*****************************************"