Skip to content

Instantly share code, notes, and snippets.

View cokesme's full-sized avatar

cm cokesme

61 followers · 643 following
  • States
View GitHub Profile
@cokesme
cokesme / gist:0ff22dd959b2845b84e9f7e482f6e049
Created February 19, 2025 03:56
insta bookmark
// Remove the comments and save it as a bookmark
// Thank you chatgpt
(() => {
const images = Array.from(document.querySelectorAll('img')).map(img => img.src);
if (images.length === 0) {
alert("No images found on this page.");
return;
}
@cokesme
cokesme / qnap-qts-fw-cryptor.py
Created October 1, 2020 07:35 — forked from ulidtko/qnap-qts-fw-cryptor.py
QNAP QTS firmware encryptor/decryptor.
#!/usr/bin/env python3
import os, sys
import argparse
import struct
from functools import reduce
"""
QNAP QTS firmware encryptor/decryptor.
Based on https://pastebin.com/KHbX85nG
@cokesme
cokesme / msdelta.py
Created September 28, 2020 20:53 — forked from w4kfu-synacktiv/msdelta.py
Python wrapper around msdelta.dll
import ctypes
import os
import datetime
import argparse
HANDLE = ctypes.c_void_p
HMODULE = HANDLE
LPCSTR = LPSTR = ctypes.c_char_p
BOOL = ctypes.c_long
BYTE = ctypes.c_ubyte
@cokesme
cokesme / exp.c
Created September 11, 2020 23:22 — forked from Kyle-Kyle/exp.c
googlectf2020_echo_writeup
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <string.h>
#include <pthread.h>
#include <sched.h>
#include <unistd.h>
@cokesme
cokesme / amp2020.py
Created June 29, 2020 04:12 — forked from wbowling/amp2020.py
Solution to amp2020 from 0CTF/TCTF 2020 Quals
#!/usr/bin/env python
from pwn import *
import requests
import string
"""
* can add arbitrary html and pass the validator by adding a tag comment inside the <noscript> and close it
* axios uses `input` directly and we can make it an object allowing full param control
* cheerio needs a string, but axios tries to return the response as json. If you add `爀` and set the `responseEncoding` to `ascii` the json parsing fails and it returns text
@cokesme
cokesme / mutation_a.txt
Created June 19, 2020 04:32 — forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">
[1]
Bytes:
\x09 \x0a \x0c \x0d \x20 \x2f
<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">
[2,3]
@cokesme
cokesme / cc_binjaplug.py
Created May 27, 2020 01:22 — forked from lwerdna/cc_binjaplug.py
Binary Ninja plugin that pops open a PySimpleGUI to navigate functions by cyclomatic complexity
#!/usr/bin/env python
import sys
import time
bv = None
lookup = {}
table_data = []
def gui_thread():
@cokesme
cokesme / gen_el_lua_py2_jvm.rb
Created May 19, 2020 15:23 — forked from shinh/gen_el_lua_py2_jvm.rb
bytecode polyglot - def con qual 2020 bytecoooding
#!/usr/bin/env ruby
# elisp, lua, python2, and jvm
# https://docs.google.com/spreadsheets/d/1l1N_wtK8xA7N-ezG5iUjDeg6iKQgVaYf8ckTSp30QIo/
$flag = File.read('flag').chomp
$ml_preamble = nil
$lua_preamble = nil
$ruby_preamble = nil
@cokesme
cokesme / httpserver.cpp
Created January 4, 2019 05:49
#include "httpserver.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <microhttpd.h>
#include <pthread.h>
@cokesme
cokesme / gist:72ba8674f9f66d66ee677cae919b5e7d
Created December 30, 2018 22:43 — forked from wmliang/gist:36b3e6a8d59875cc9f2b20a952bb8890
35c3ctf pwndb exploit
#!/usr/bin/env python
#-*- coding: utf-8 -*-
from pwn import *
import re
import sys
import string
import itertools
# UAF in IndexCursor