LongCat pich4ya

@pich4ya
pich4ya / gist:4cbfb645b29d75a81d3f
Created January 11, 2015 20:55
nullcon HackIM CTF 2015 : web500 - break the captcha!
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @author LongCat (Pichaya Morimoto)
# nullcon HackIM CTF 2015 : web500 - break the captcha!
# sudo apt-get install python-dev libjpeg-dev libfreetype6-dev zlib1g-dev imagemagick tesseract-ocr
# pip uninstall pillow && pip uninstall Pillow && pip install -I Pillow
from PIL import Image
import urllib, urllib2, cookielib, os, re, time, sys
url_captcha='http://54.165.191.231/imagedemo.php'
pich4ya / LINEBot1.java
Created October 17, 2017 05:40
Line Notify - send message from line notify bot to user who generates the token / group
// https://notify-bot.line.me/en/ < login & gen token
// https://notify-bot.line.me/static/pdf/line-notify-api.pdf
// https://hc.apache.org/httpcomponents-client-ga/httpclient/examples/org/apache/http/examples/client/ClientCustomContext.java
// http://www-us.apache.org/dist//httpcomponents/httpclient/binary/httpcomponents-client-4.5.3-bin.zip
// curl -X POST https://notify-api.line.me/api/notify -H "Authorization: Bearer xxx" -H 'Content-Type: application/x-www-form-urlencoded' -d 'message=test'
import java.util.ArrayList;
import java.util.List;
import org.apache.http.NameValuePair;
import org.apache.http.client.CookieStore;
pich4ya / Compression-sol.txt
Created October 22, 2017 15:58
Thailand CTF 2017 Write-up : Compression (150)
Challenge: Compression.txt
3c
94
d5
28
17
f0
00
30
48
pich4ya / 250-PICKLES.txt
Last active October 22, 2017 16:15
Thailand CTF 2017 Write-up : Pickles (250)
Challenge: f.pkl
ccopy_reg
_reconstructor
p0
(c__main__
Foo
p1
c__builtin__
object
p2
pich4ya / 300-Everything_is_Broken.txt
Created October 22, 2017 17:01
Thailand CTF 2017 Write-up : Everything is Broken (300)
The challenge provides the file everything_is_broken.doc, but it cannot be opened with MS Word.
Solution
1.)
$ file everything_is_broken.doc
everything_is_broken.doc: Hangul (Korean) Word Processor File 5.x
Found that it is Hangul, a word processor from Korea, not the usual MS Word.
2.)
Searching Google shows that files of this type normally have the .hwp extension.
pich4ya / 400-Compromised_System.txt
Last active October 22, 2017 20:11
Thailand CTF 2017 Write-up : Compromised System (400)
Challenge
$ xxd Compromised_System.pcap
00000000: d4c3 b2a1 0200 0400 0000 0000 0000 0000 ................
00000010: ffff 0000 0100 0000 2927 bf58 90ea 0400 ........)'.X....
00000020: ad01 0000 ad01 0000 1086 8c3b d93f a099 ...........;.?..
00000030: 9b10 66dd 0800 4500 019f 0001 0000 4011 ..f...E.......@.
00000040: 6264 0a00 00a3 0c46 0001 0035 0035 018b bd.....F...5.5..
00000050: 5825 0000 00a7 0000 0004 fe9b 2fa7 0000 X%........../...
00000060: 0089 0000 0020 cbe6 ebfa cae6 e4f9 fcfd ..... ..........
00000070: ecfb d5cb e6eb 8989 8989 8989 8989 8989 ................
pich4ya / SECCON CTF 2017 - Elasticsearch.txt
Created December 9, 2017 19:05
SECCON CTF 2017 - Elasticsearch
POST /logsearch.php HTTP/1.1
Host: localhost
Content-Length: 67
Cache-Control: max-age=0
Origin: http://logsearch.pwn.seccon.jp
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://logsearch.pwn.seccon.jp/logsearch.php?aaalongcat
chall:
This is a useful service to unzip some files.
http://35.197.205.153/
We added a flag for your convenience.
http://35.197.205.153/flag.php
1.)
$ sudo mkdir -p /var/www/
$ sudo touch /var/www/flag.php
chall:
If you don't trust Twitter, you might like Quaker!
http://35.198.120.230/
1. login & reg
2. get user's token
http://35.198.120.230/messages/new
Receive message
Your user token: fed0a6d910e5322d6f42be63f927a1c6
pich4ya / pizzagate - hard-ish 401.txt
Last active February 11, 2018 16:30
https://junior.34c3ctf.ccc.ac/ writeup pizzagate - hard-ish 401
chall:
We found this pizza shop. It seems to be under construction currently, but we believe the whole shop is just a front for some fishy business. Is the Italian Mafia behind all this?
Grab your OWASP Top 10 list and investigate! We need to find out what's going on!
Hints:
For the basic authentication step: Have you checked out A1 in your list? And the HTTP response headers?
http://35.198.69.56/