Ok, start by ssh-ing to level01@ec2-23-22-123-94.compute-1.amazonaws.com with
password w5kjAsSKEjCT. Our goal is to read the file .password from the level02
user's home directory: /home/level02. Let's look for low-hanging fruit - maybe we
can just read the file directly:
James Sanders jsanders
jsanders
/ shellcode.asm
Last active
December 26, 2015 04:56
Generally useful, well-documented, and small shellcode generator. Based on work I did for level05 of Stripe's original CTF, but much nicer.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ; A nice, small 32-bit x86 execve shellcode template. ; | |
| ; execve("//bin/sh", [ "//bin/sh", NULL ], [ NULL ]). ; | |
| ; Shellcode itself is 25 bytes. ; | |
| ; Provide definitions of PayloadSize and JumpAddress ; | |
| ; to generate a self-contained buffer of the desired ; | |
| ; size and with the desired address to jump to. ; | |
| ; Build with "nasm -f bin -o shellcode shellcode.asm" ; | |
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; |
jsanders
/ level06_exploit.py
Last active
December 22, 2015 16:48
Exploit in python for level 6 of Stripe's first CTF.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from os import pipe, write, close | |
| from subprocess import Popen, PIPE | |
| import select | |
| import string | |
| import sys | |
| PIPE_MAX = 1<<16 # 64k | |
| WELCOME_LEN = len("Welcome to the password checker!\n") | |
| def args(guess): |
jsanders
/ stripe-ctf-1.0.md
Last active
May 26, 2017 16:22
Work-through of the Stripe CTF 1.0 focused more on system-level than web-level security.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MIT License | |
| Copyright (c) 2017 Martin Buberl | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| copies of the Software, and to permit persons to whom the Software is | |
| furnished to do so, subject to the following conditions: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Public: Represent and manipulate arbitrary data. | |
| class Blob | |
| # Public: Create Blob from an array of bytes. | |
| # | |
| # bytes - The Array of numbers in the range [0, 255] | |
| # | |
| # Examples | |
| # Blob.new([ 97, 98, 99, 100 ]).to_str | |
| # # => "abcd" | |
| # Blob.from_str([ 97, 98, 99, 100 ]).to_hex |
jsanders
/ aes_ctr_cbc.rb
Last active
October 8, 2021 10:45
Implementation of AES with counter (CTR) and cipher-block-chaining (CBC) modes. Based on spec at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf. ** Disclaimer: For educational purposes only. Obviously, nobody should ever use a hacky un-vetted non-standard (not to mention, non-optimized) implementation of crypto like this **
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require File.expand_path('../../utilities', __FILE__) | |
| require 'openssl' | |
| # Set to true to see debug output | |
| DEBUG = false | |
| def debug_puts(s=nil); puts(s) if DEBUG; end | |
| def debug_print(s=nil); print(s) if DEBUG; end | |
| # Encrypt data using given `mode`, `key_b`, `iv_b` and `data_b`, all as byte arrays | |
| # Only uses padding in CBC mode |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ GOPATH=$HOME/go go get github.com/burke/zeus/go/cmd/zeus | |
| ../../../go/src/github.com/burke/zeus/go/cmd/zeus/zeus.go:14:2: no Go source files in /Users/james/go/src/github.com/burke/zeus/go/zeusversion |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (use 'clojure.contrib.combinatorics) | |
| (def small-numbers [ 1 2 3 4 6 ]) | |
| (def large-numbers [ 3 4 9 14 15 19 28 37 47 50 54 56 59 61 70 73 78 81 92 95 97 99 ]) | |
| (defn largest-sum-of-rest? | |
| [ col ] | |
| (let [ [ largest & others ] (reverse (sort col)) ] | |
| (= largest (reduce + others)))) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| source 'https://rubygems.org' | |
| gem 'sidekiq' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| source 'https://rubygems.org' | |
| gem 'json' | |
| gem 'resque', '1.19.0' |