Skip to content

Instantly share code, notes, and snippets.

Avatar

Securifera, Inc securifera

View GitHub Profile
View get-shodan-favicon-hash.py
# https://twitter.com/brsn76945860/status/1171233054951501824
pip install mmh3
-----------------------------
# python 2
import mmh3
import requests
response = requests.get('https://cybersecurity.wtf/favicon.ico')
favicon = response.content.encode('base64')
@securifera
securifera / seeding.py
Created Sep 5, 2020
Red Team Village Defcon 2020 CTF - Seeding
View seeding.py
#!/usr/bin/env python3
import socket
import threading
import random
import string
import socket
import sys
import logging
from datetime import datetime
View Filename extension list
.php
.html
.txt
.htm
.aspx
.asp
.js
.css
.pgsql.txt
.mysql.txt
View 9447-2015-CTF-bws.md

#9447-2015-CTF BWS

This challenge was the second part of the YWS challenge where a custom web server was hosting a website. From YMS, we found that there was a directory traversal bug that allowed us to list the files in the root directory. We could see that the root directory contained what appeared to be the flag.txt file we needed to read.

Sending a request for something that doesn't exist returns "Could not find <Input>". Attempting to retrieve the flag with "GET /../flag.txt HTTP/1.1" does not return anything from the server.

To get a better understanding of what is happening we open up the binary in IDA Pro. We locate the function responsible for handling the request at address 0x400D00. During the parsing of the request the function attempts to sanitize any requests that contain a "../" by rewinding the buffer to the first "/" before these characters. If one does not exist in the buffer, a buffer underflow occurs because the routine attempts to find a "/" anywhere in on the stack at a lower memor