Skip to content

Instantly share code, notes, and snippets.

View quandqn's full-sized avatar

Quan Doan quandqn

14 followers · 0 following
  • Saigon, S. Vietnam
View GitHub Profile
@quandqn
quandqn / babyfirst.py
Created January 26, 2018 09:23
batman_encrypt = 'nIxXhZyWNkxz4PodPTHX74TnSJyq'.decode('base64')
batman = '{"username":"batman"}'
admin = '{"username":"admin"}'
admin_encrypt = ''
for i in xrange(len(admin)):
admin_encrypt+= chr(ord(batman_encrypt[i]) ^ ord(batman[i]) ^ ord(admin[i]))
print admin_encrypt.encode('base64')
@quandqn
quandqn / hashinator.py
Created August 26, 2017 11:11
# -*- coding: utf-8 -*-
import re
import time
import socket
import hashlib
import scrypt as sc
IP = '47.88.216.38'
PORT = 20013
@quandqn
quandqn / readfile.py
Created November 10, 2016 06:08
import requests
url = "http://readfile.svattt.org:8888/web100.php?filename=flag.php&timestamp=%d&sig=0"
for i in range(1000):
r = requests.get(url % i)
if "SVATTT" in r.text:
print i, r.text
break
@quandqn
quandqn / server.py
Created November 8, 2016 22:24
import signal, os,sys
def handler(signum, frame):
print 'Timeout'
sys.exit(-1)
# Set the signal handler and a 5-second alarm
signal.signal(signal.SIGALRM, handler)
signal.alarm(5)
@quandqn
quandqn / admincp.py
Last active November 9, 2016 06:14
import requests
url = "http://128.199.226.92:31333/login/"
wanted = '{"user":"admin"}'
payload = ""
sig = "Expecting property name"
for i in range(15):
for j in range(0xff):
r = requests.get(url + payload.encode("hex") + "%02x" % j + (30-2*len(payload)) * "a")
@quandqn
quandqn / flame.c
Created October 11, 2016 10:52
//
// This file was generated by the Retargetable Decompiler
// Website: https://retdec.com
// Copyright (c) 2016 Retargetable Decompiler <info@retdec.com>
//
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
@quandqn
quandqn / hackpad.py
Created October 10, 2016 04:05
msg = "3ed2e01c1d1248125c67ac637384a22d997d9369c74c82abba4cc3b1bfc65f026c957ff0feef61b161cfe3373c2d9b905639aa3688659566d9acc93bb72080f7e5ebd643808a0e50e1fc3d16246afcf688dfedf02ad4ae84fd92c5c53bbd98f08b21d838a3261874c4ee3ce8fbcb96628d5706499dd985ec0c13573eeee03766f7010a867edfed92c33233b17a9730eb4a82a6db51fa6124bfc48ef99d669e21740d12656f597e691bbcbaa67abe1a09f02afc37140b167533c7536ab2ecd4ed37572fc9154d23aa7d8c92b84b774702632ed2737a569e4dfbe01338fcbb2a77ddd6990ce169bb4f48e1ca96d30eced23b6fe5b875ca6481056848be0fbc26bcbffdfe966da4221103408f459ec1ef12c72068bc1b96df045d3fa12cc2a9dcd162ffdf876b3bc3a3ed2373559bcbe3f470a8c695bf54796bfe471cd34b463e9876212df912deef882b657954d7dada47"
bs = 32
block = []
for i in range(0, len(msg), bs):
block.append(msg[i:i+bs])
bytes =[
["00", "d9", "ef", "07", "07", "d8", "07", "3b", "6f", "32", "60", "63", "72", "ce", "b3", "67"],
["6f", "3e", "a4", "c9", "db", "e5", "2c", "dc", "cb", "ec", "23", "aa", "14", "bd", "13", "a9"],
@quandqn
quandqn / source.rb
Created October 10, 2016 03:14
#!/usr/bin/env ruby
require 'openssl'
require 'timeout'
$stdout.sync = true
Dir.chdir(File.dirname(__FILE__))
class String
def enhex
self.unpack('H*')[0]
@quandqn
quandqn / beelzemon.py
Last active October 12, 2016 02:30
import socket
import sys
HOST = '52.198.217.117'
PORT = 6666
p = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p.connect((HOST, PORT))
evil = []
@quandqn
quandqn / mitm.py
Last active May 27, 2016 07:49
def mitm():
A = {}
k1 = '13abcf8a0d6cbb61fd3f7bc3a4ee'.decode("hex")
for i in range(0xff):
for j in range(0xff):
key1 = k1 + chr(i) + chr(j)
A.update({enc(key1, "Somehow I lost 2 bytes of each key"): key1})
k2 = 'a6d43c9d371f67a984acf3c94a91'.decode('hex')
for i in range(0xff):