Orange Tsai orangetw

orangetw / nanana.xxd
Created October 19, 2015 08:17
HITCON CTF 2015 Quals nanana
orangetw / index.php
Created October 19, 2015 07:28
HITCON CTF 2015 Quals Giraffe's Coffee
<?php
include "config.php";
mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);
function escape($str){
    $str = strtolower($str);
    $str = str_replace("'", "", $str);
    $str = str_replace("\\", "", $str);
orangetw / babyfirst.php
Created October 19, 2015 07:17
HITCON CTF 2015 Quals Babyfirst
<?php
highlight_file(__FILE__);
$dir = 'sandbox/' . $_SERVER['REMOTE_ADDR'];
if ( !file_exists($dir) )
    mkdir($dir);
chdir($dir);
$args = $_GET['args'];
for ( $i=0; $i<count($args); $i++ ){
orangetw / sqlpwn.php
Created September 10, 2015 13:49
AIS3 Final CTF Web
<?php
/*
sqlpwn by orange
Don't brute force or you will be banned !
*/
session_start();
error_reporting(0);
include "template.html";
orangetw / pwn_gdb.py
Created August 31, 2015 15:09
Remote Code Execution on GDB Remote Debugging Protocol
# coding: UTF-8
#
import sys
import gdb
import socket
import struct
import binascii
DEBUG = False
orangetw / gist:eae51418694bcb34cbf7
Created May 24, 2015 14:29
(Updated) Cryptographic Right Answers
**Encrypting data** (*Was: AES-CTR with HMAC*): Use, in order of preference: (1) The NaCl/libsodium default, (2) ChaCha20-Poly1305, or (3) AES-GCM.
*You care about this if: you're hiding information from users or the network.*
All three options get you "AEAD", which is the only way you want to encrypt in 2015. Options (2) and (3) are morally the same thing: a stream cipher with a polynomial ("thermonuclear CRC") MAC. Option (2) gets there with a native stream cipher and a MAC optimized for general purpose CPUs; Poly1305 is also easier than GCM for library designers to implement safely. Option (3)'s AES-GCM is the industry standard; it's fast and usually hardware accelerated on modern processors, but has implementation safety pitfalls on platforms that aren't accelerated.
*Avoid: AES-CBC, AES-CTR by itself, block ciphers with 64-bit blocks --- most especially Blowfish, which is inexplicably popular, OFB mode. Don't ever use RC4, which is comically broken.*
**Symmetric key length** (*Was: Use 256 bit keys*
#!/usr/bin/env python
#coding=utf-8
import web, settings
urls = (
    '/uploads/(.*)', 'download',
    '([a-z0-9\/]*)', 'dispatcher'
)
class dispatcher: