Skip to content

Instantly share code, notes, and snippets.

View evandrix's full-sized avatar
💭
offline

evandrix evandrix

💭
offline
View GitHub Profile
<!DOCTYPE HTML>
<html lang = "en">
<head>
<title>HackThis!! - Capture the Flag</title>
<meta charset = "UTF-8" />
<link href='https://fonts.googleapis.com/css?family=Ubuntu|Orbitron' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="/ctf/css/main.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<?php
// ...
if ($page == "admin" && !$user->isAdmin()) {
include("admin.php");
} else {
include("/pages/{$page}.html");
}
?>
<?php
$user = $_POST['user'];
$pass = $_POST['pass'];
if ($user == "admin" && $pass == "pass") {
//valid login
} else {
//invalid login
}
?>
var console = unsafeWindow.console;
// a function that loads jQuery and calls a callback function when jQuery has finished loading
function addJQuery(callback) {
var script = document.createElement("script");
script.setAttribute("src", "http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js");
script.addEventListener('load', function() {
var script = document.createElement("script");
script.textContent = "(" + callback.toString() + ")();";
document.body.appendChild(script);
@evandrix
evandrix / windows.h__.js
Created November 18, 2012 12:53
windows.h.js INFINITY
var ffi = require('ffi'),
ref = require('ref'),
Struct = require('ref-struct'),
Library = require('./Library'),
Type = ref.Type,
NULL = ref.NULL,
isNull = ref.isNull;
var groups = ['libs', 'types', 'structs', 'callbacks', 'enums'];
@evandrix
evandrix / ctf_mpetrov.c
Created February 24, 2012 14:43 — forked from michaelpetrov/ctf_mpetrov.c
Stripe CTF Challenge Level 06 Solution
//
// Created by Michael Petrov on 12-02-23.
// Copyright (c) 2012 TenthBit Inc. All rights reserved.
// http://michaelpetrov.com (petrov.michael@gmail.com)
//
//
// This solution performs a timing attack on the fork system call. By monitoring the process closely
// it is possible to discover where the fork likely happened. With some basic heuristics, it's possible
// to infer where the wrong character is. With very minor brute force searching it becomes very easy
// to find the password one letter at a time.
@evandrix
evandrix / gist:1901352
Created February 24, 2012 14:40 — forked from michaelpetrov/gist:1899630
Stripe CTF Challenge - Solutions to all Levels
Stripe CTF - Work Notes
mpetrov (petrov.michael@gmail.com)
These notes are very rough. They should give a general idea of how each level was solved.
---- LEVEL 01 (login: e9gx26YEb2) -----
Solution: modifying PATH env variable
Password: kxlVXUvzv
date.c
@evandrix
evandrix / gist:1893103
Created February 23, 2012 14:34 — forked from lezhangxyz/gist:1890401
ctfsh
#!/bin/sh
if [ ! -t 0 ]; then
echo >&2 'STDIN is not a terminal'
exit 1
fi
clear
cd "$(mktemp -d)"
@evandrix
evandrix / LICENSE.txt
Created February 14, 2012 21:17 — forked from 140bytes/LICENSE.txt
140byt.es -- Click ↑↑ fork ↑↑ to play!
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2011 YOUR_NAME_HERE <YOUR_URL_HERE>
Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
@evandrix
evandrix / solution.pl
Created July 29, 2011 22:44 — forked from dmn001/Dropbox-Diet Solution
Dropbox Challenge - 3 The Dropbox Diet
#!/usr/bin/perl
use strict;
# dmn001 <at> gmail
# 31/01/2011
my %pos;
my %neg;
my $num_lines = <STDIN>;
while (<STDIN>){