Simple JS Jail challenge.
The input is run in a context, so we have nothing to play with but `constructor` and `console`.
1337 === eval(our_input)
#!/usr/bin/python3 -u | |
#-*- coding: utf-8 -*- | |
""" | |
connectivity_check.py | |
Simple tool for checking Bird2 connectivity (for personal use) | |
Developed by AS400671 (https://network.stypr.com/) | |
You can use description to set speed, countries and names of providers. |
Exploiting a react app by customElement and is=is
pollution
<img>
tag.window.width < 600
. Interestingly, location.hash
fills the props
upon displaying the error message.window.width > 600
, <img>
is shown again.location.hash
, making it possible to add additional attributes on the `` tag.
// run before send
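// Keep a reference to the native send() so the wrapper below can delegate to it.
const originalSend = WebSocket.prototype.send;

// Every WebSocket instance the page has sent on, recorded once each, so the
// live connections can be inspected later from the console.
window.sockets = [];

// Replace send() on the prototype: record the calling socket the first time
// it is seen, then forward the call unchanged to the native implementation.
WebSocket.prototype.send = function (...payload) {
  if (!window.sockets.includes(this)) {
    window.sockets.push(this);
  }
  return originalSend.apply(this, payload);
};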
// run after send |
from telegram.ext import Updater | |
from telegram.ext import CommandHandler | |
import telegram | |
import requests | |
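# Bot token. The literal below is a placeholder: supply the real value at
# deploy time (environment variable or secret store) and keep it out of
# version control and public gists.
token = "{TELEGRAM TOKEN}"
# Telegram usernames to mention; the code that reads this list is not
# visible in this excerpt.
mention_user = ["stypr", "stypr_jp"]
# Module-level dict, empty at import time; how it is filled is not visible
# in this excerpt.
bugcamp_data = {}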
def bugcamp(): |
#!/bin/bash | |
# Maintainer: Harold Kim (root@stypr.com) | |
# Tested in CentOS 7.6.1810 | |
# $ lsb_release -a | |
# LSB Version: :core-4.1-amd64:core-4.1-noarch | |
# Distributor ID: CentOS | |
# Description: CentOS Linux release 7.6.1810 (Core) | |
# Release: 7.6.1810 | |
# Codename: Core |
#!/usr/bin/python -u | |
#-*- coding: utf-8 -*- | |
# Developer: Harold Kim(root@stypr.com) | |
import os | |
import sys | |
import re | |
import requests | |
class iptime: |
web: temporary writeup
There are two instances, namely `public` and `internal`.
We can get the address of `public` by leaking `$_SERVER['REMOTE_ADDR']` in `phpinfo.php?phpinfo`
$_SERVER['SERVER_NAME'] _
$_SERVER['SERVER_PORT'] 80
$_SERVER['SERVER_ADDR'] 172.21.0.2