- Есть ссылка на сайт malware.zn.school-ctf.org. Видим там модуль чата, XSS в тексте сообщения.
- В админке есть несколько чатов, первый из которых датирован сильно раньше начала таски.
- В этом чате есть ссылка на архив и хост:
Ilya Lukyanov ilyaluk
ilyaluk
/ nonblock.diff
Created
August 5, 2017 19:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/sway/ipc-server.c b/sway/ipc-server.c | |
| index dca881f..7db57ad 100644 | |
| --- a/sway/ipc-server.c | |
| +++ b/sway/ipc-server.c | |
| @@ -168,6 +168,12 @@ int ipc_handle_connection(int fd, uint32_t mask, void *data) { | |
| close(client_fd); | |
| return 0; | |
| } | |
| + if ((flags = fcntl(client_fd, F_GETFL)) == -1 | |
| + || fcntl(client_fd, F_SETFL, flags|O_NONBLOCK) == -1) { |
ilyaluk
/ sway_test.py
Last active
August 5, 2017 18:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import socket | |
| import os | |
| i3ipc_magic = b'i3-ipc' | |
| def send_packet(client, type, msg): | |
| pac = i3ipc_magic + len(msg).to_bytes(4, 'little') | |
| pac += type.to_bytes(4, 'little') + msg | |
| client.send(pac) |
ilyaluk
/ keybase.md
Created
October 4, 2016 13:39
I hereby claim:
- I am ilyaluk on github.
- I am ilyaluk (https://keybase.io/ilyaluk) on keybase.
- I have a public key ASBlzTlbbGMN0qysuKZRhVVDyUdIRBUhODfXU5GtmLYsRwo
To claim this, I am signing this object: