Moved to my blog.
Moved to my blog.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<html> | |
<head> | |
<meta charset="UTF-8"> | |
</head> | |
<body> | |
<script> | |
const localURL = "https://127.0.0.1:4000" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from selenium import webdriver | |
from selenium.webdriver.common.keys import Keys | |
from selenium.webdriver.common.by import By | |
from selenium.webdriver.support.ui import WebDriverWait | |
from selenium.webdriver.support import expected_conditions as ec | |
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities | |
import random, string | |
import requests | |
def random_string(length): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from selenium import webdriver | |
from selenium.webdriver.common.keys import Keys | |
from selenium.webdriver.common.by import By | |
from selenium.webdriver.support.ui import WebDriverWait | |
from selenium.webdriver.support import expected_conditions as ec | |
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities | |
import random, string, subprocess | |
def random_string(length): | |
return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ "$#" -ne 1 ]; then | |
echo "Illegal number of parameters" | |
echo "./{} INTERFACE" | |
fi | |
interface=$1 | |
if (( EUID != 0 )); then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from discord import Client, CategoryChannel | |
import discord.utils | |
from time import sleep | |
import threading | |
import asyncio | |
import os | |
class Bot(Client): | |
guild = None | |
guild_id = os.getenv("DISCORD_GUILD_ID", None) |
This month's challenge consists of the exploitiation of a custom js code hosted on a document with a Halloween style. In overview we'll be injecting JS inside a <script>
tag (thanks to an interesting detail in the CSP) that was previously injected into a document's div's innerHTML
.
The solution of this challenge has been found in collaboration with @carlospolopm.
map /hello-from-the-world/key http://127.0.0.1:80/forbidden
map /hello-from-the-world/ http://127.0.0.1:80
map /service-info/admin http://127.0.0.1:5000/forbidden
map /service-info/ http://127.0.0.1:5000/
Mapping /hello-from-the-world/
to http://127.0.0.1:80
(without the last slash) makes /hello-from-the-world//key
not to match the first rule but provides a valid path to the second rule. This let us get the key:
OlderNewer