Wen Bin kongwenbin

## decryptpass.py
#Wrote this simple function to solve the CTF designed for FristiLeaks v1.3 VulnHub VM
#!/usr/bin/python
import base64,codecs,sys

def decodeString(str):
    decode = codecs.decode(str[::-1], 'rot13')
    return base64.b64decode(decode)

cryptoResult=decodeString(sys.argv[1])
print cryptoResult

## 39772.txt
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808

In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the
kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime,
unprivileged code can use the bpf() syscall to load eBPF socket filter programs.
These conditions are fulfilled in Ubuntu 16.04.

When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first
function that touches the supplied eBPF instructions is
replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF

## 39646.py
#!/usr/bin/env python

# Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation
# Google Dork: N/A
# Date: 04/01/2016
# Exploit Author: evait security GmbH
# Vendor Homepage: arshmultani - http://dscom.it/
# Software Link: https://wordpress.org/plugins/advanced-video-embed-embed-videos-or-playlists/
# Version: 1.0
# Tested on: Linux Apache / Wordpress 4.2.2

## cloud_metadata.txt
## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
	#Wrote this simple function to solve the CTF designed for FristiLeaks v1.3 VulnHub VM
	#!/usr/bin/python
	import base64,codecs,sys

	def decodeString(str):
	decode = codecs.decode(str[::-1], 'rot13')
	return base64.b64decode(decode)

	cryptoResult=decodeString(sys.argv[1])
	print cryptoResult
	Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=808

	In Linux >=4.4, when the CONFIG_BPF_SYSCALL config option is set and the
	kernel.unprivileged_bpf_disabled sysctl is not explicitly set to 1 at runtime,
	unprivileged code can use the bpf() syscall to load eBPF socket filter programs.
	These conditions are fulfilled in Ubuntu 16.04.

	When an eBPF program is loaded using bpf(BPF_PROG_LOAD, ...), the first
	function that touches the supplied eBPF instructions is
	replace_map_fd_with_map_ptr(), which looks for instructions that reference eBPF
	#!/usr/bin/env python

	# Exploit Title: Advanced-Video-Embed Arbitrary File Download / Unauthenticated Post Creation
	# Google Dork: N/A
	# Date: 04/01/2016
	# Exploit Author: evait security GmbH
	# Vendor Homepage: arshmultani - http://dscom.it/
	# Software Link: https://wordpress.org/plugins/advanced-video-embed-embed-videos-or-playlists/
	# Version: 1.0
	# Tested on: Linux Apache / Wordpress 4.2.2
	## AWS
	# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

	http://169.254.169.254/latest/user-data
	http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
	http://169.254.169.254/latest/meta-data/ami-id
	http://169.254.169.254/latest/meta-data/reservation-id
	http://169.254.169.254/latest/meta-data/hostname
	http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key