@h3xstream
h3xstream / web300.md
Last active August 13, 2018 08:34
GoSecure CTF - Web 300 pts writeup

Starting at the URL http://web300.gosec.net:6473/, we can see a page serving a static image, /troll.jpg. No special parameter can be found. The image is confirmed to be static. Some steganography tests were run on the image, but nothing special was observed.

troll page

Hidden admin page

We scanned the host for hidden files and directories using tachyon. The tool found /admin.php.

login page

h3xstream / bh2014_nike.py
Created August 11, 2014 20:42
Black Hat 2014: Nike T-shirt
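from binascii import unhexlify
# Binary string from the T-shirt, one byte per space-separated group
data = int('0b01001010 01110101 01110011 01110100 00100000 01000100 01101111 00100000 01001001 01110100'.replace(" ",""),2)
# Render the integer as hex, then decode those bytes as ASCII text
print(unhexlify("%x" % data).decode("ascii"))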
h3xstream / crossdomain.xml
Created January 25, 2014 00:17
Ebay crossdomain.xml configuration (snapshot January 24)
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ebay.com" secure="false"/>
<allow-access-from domain="*.ebay.au" secure="false"/>
<allow-access-from domain="*.ebay.at" secure="false"/>
<allow-access-from domain="*.ebay.be" secure="false"/>
<allow-access-from domain="*.ebay.ca" secure="false"/>
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
<allow-access-from domain="*.ebay.fr" secure="false"/>
h3xstream / session_fixation.js
Last active December 26, 2015 16:09
Session fixation detector (test script for OWASP ZAP)
importPackage(org.parosproxy.paros.extension.history); //ExtensionHistory
importPackage(org.parosproxy.paros.control); //Control
extHist = Control.getSingleton().getExtensionLoader().getExtension(ExtensionHistory.NAME)
if (extHist == null) {
    println("ExtensionHistory not found.")
    exit;
}
// Loop through the history table, printing out the history id and the URL
h3xstream / file_watch.groovy
Created October 16, 2013 22:02
Simple script that monitors a directory and searches for a specific keyword. (Java NIO simple test..)
import java.nio.file.FileSystems
import java.nio.file.Path
import java.nio.file.Paths
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey
import java.nio.file.WatchService;
class FileEvent {
    String kind
h3xstream / install.md
Last active December 25, 2015 06:49
Instructions for installing applets on the NorthSec card

Here are the Card Manager Keys used for the cards we gave out during the competition, so that you can load/delete applets on the card:

MAC_KEY : 20B2734C890D9F043208810E063B25D6
ENC_KEY : 1A1C5481DDF4A91D5AD25352846EFDF1
KEK_KEY : 065F678AC7C5EB46BC0DEA1ECCF1F03C

Make sure you use -keyver 1 and delete the previous applets as follows:

h3xstream / smartcard.md
Last active December 24, 2015 16:19
References for JavaCard and SmartCard standards.
h3xstream / groupes-montreal.md
Last active December 19, 2015 03:58
List of user groups in Montréal
h3xstream / 0-solution.md
Last active May 14, 2019 18:47
NorthSec 2013: Smart Card Track - PIN code brute force

A short solution write-up for the PIN code brute force.

Protocol specification

Based on the specifications, we can guess that the protocol looks like this:

Kiosk --[VERIFY PIN_CODE]-> Card
Kiosk <-[    Pin Ok?    ]-- Card
h3xstream / folder.py
Created October 21, 2012 23:18
Rename album cover to "folder.jpg"
#!/usr/bin/python
"""
Small script to rename image in folder to 'folder.jpg' to comply with XBMC default filename for music album.
Usage :
python folder.py /home/h3xstream/Music/
"""
import os
import sys