@iflody
iflody / data.csv
Created June 20, 2018 02:35
tmp csv
timestamp value
1470990900 0.0833942067571
1470991200 0.0754237405898
1470991500 0.07589259154080001
1470991800 0.0677970984533
1470992100 0.0670156802016
1470992400 0.0702663801287
1470992700 0.07129785222089999
1470993000 0.0606705639979
1470993300 0.0606705639979
var details = {
displayItems: [
{
label: "Original donation amount",
amount: { currency: "USD", value : "65.00" },
},
{
label: "Friends and family discount",
amount: { currency: "USD", value : "-10.00" },
pending: true
import requests
from terminaltables import AsciiTable
from termcolor import colored, cprint
from pwn import *
import json
import time
import sys
import click
import re
import os
//Author:fnmsd
//Blog:https://blog.csdn.net/fnmsd
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Field;
import java.util.HashSet;
import java.util.Scanner;
public class a {
@iflody
iflody / writeup.md
Created December 31, 2021 03:39 — forked from loknop/writeup.md
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the PHP installation to make sure that previously known solutions wouldn't work (for further information, read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.