- Web Wormhole https://webwormhole.io/ https://github.com/saljam/webwormhole
- ToffeeShare https://toffeeshare.com/
- FilePizza https://file.pizza/
- ShareDrop https://www.sharedrop.io/ https://github.com/szimek/sharedrop
- A clone SnapDrop https://snapdrop.net/ https://github.com/RobinLinus/snapdrop
- A fork PairDrop https://pairdrop.net/ https://github.com/schlagmichdoch/pairdrop
- A clone SnapDrop https://snapdrop.net/ https://github.com/RobinLinus/snapdrop
- Instant.io https://instant.io/
- file ai http://fileai.com/
- javascript:alert(origin)
- @maple3142
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException()
and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.
FROM ubuntu:20.04 | |
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt install -y \ | |
python3 build-essential | |
WORKDIR /root |
The rumor tells that adm1n stores their secret split into multiple documents. Can you catch 'em all? https://postviewer-web.2022.ctfcompetition.com
The challenge consisted of an all client-side simple page, i.e. no backend code was involved. A user can upload any file which will be then locally stored in indexedDB. They can preview their files by either clicking on the title or by visiting file's URL, for example https://postviewer-web.2022.ctfcompetition.com/#file-01d6039e3e157ebcbbf6b2f7cb2dc678f3b9214d. The preview of the file is rendered inside a blob created from data:
URL. The rendering occurs by sending file's contents to the iframe via postMessage({ body, mimeType }, '*')
Additionally, there is a /bot
endpoint which lets players send URLs to an xss-bot
imitating another user. The goal is to steal their documents.
#!/bin/bash -ex | |
LIBC=$(ls * | grep -P '^(libc\.so\.6|libc-.*\.so)$') | |
LIBC_DBG_DEB="$(~/package/libc-database/identify $LIBC | sed s/libc6_/libc6-dbg_/g).deb" | |
if [[ ! -e $LIBC_DBG_DEB ]]; then | |
wget http://archive.ubuntu.com/ubuntu/pool/main/g/glibc/$LIBC_DBG_DEB | |
fi | |
DEBUGID=$(file $LIBC | grep -Po '(?<=BuildID\[sha1\]=)[0-9a-f]{40}') |
# https://static.chunichi.co.jp/chunichi/pages/feature/QR/galois_field_in_auto_factory.html | |
X = GF(2).polynomial_ring().gen() | |
poly = X ** 8 + X ** 4 + X ** 3 + X ** 2 + 1 | |
F = GF(2 ** 8, name="a", modulus=poly) | |
R.<x> = PolynomialRing(F) | |
def tobin(x, n): | |
x = Integer(x) | |
nbits = x.nbits() |
from Crypto.Cipher import AES | |
import secrets | |
F = GF(2**128, name="a", modulus=x**128 + x**7 + x**2 + x + 1) | |
def to_poly(x): | |
bs = Integer(int.from_bytes(x, "big")).bits()[::-1] | |
return F([0] * (128 - len(bs)) + bs) |
#include <stdio.h> | |
#include <string.h> | |
const char *buf = "hello from linux\n"; | |
char * const argv[] = { | |
"/bin/sh", | |
"-c", | |
"echo 'hello from execve'", | |
NULL, | |
}; |