Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
<!DOCTYPE html> | |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | |
<style> | |
body { | |
background: repeat url('data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/7QCIUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAGscAVoAAxslRxwCAAACAAAcAnQAV8KpIENoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbGQgLSBodHRwOi8vd3d3LnJlZGJ1YmJsZS5jb20vcGVvcGxlL0NoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbAD/4gxYSUNDX1BST0ZJTEUAAQEAAAxITGlubwIQAABtbnRyUkdCIFhZWiAHzgACAAkABgAxAABhY3NwTVNGVAAAAABJRUMgc1JHQgAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLUhQICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFjcHJ0AAABUAAAADNkZXNjAAABhAAAAGx3dHB0AAAB8AAAABRia3B0AAACBAAAABRyWFlaAAACGAAAABRnWFlaAAACLAAAABRiWFlaAAACQAAAABRkbW5kAAACVAAAAHBkbWRkAAACxAAAAIh2dWVkAAADTAAAAIZ2aWV3AAAD1AAAACRsdW1pAAAD+AAAABRtZWFzAAAEDAAAACR0ZWNoAAAEMAAAAAxyVFJDAAAEPAAACAxnVFJDAAAEPAAACAxiVFJDAAAEPAAACAx0ZXh0AAAAAENvcHlyaWdodCAoYykgMTk5OCBIZXdsZXR0LVBhY2thcmQgQ29tcGFueQAAZGVzYwAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAA |
#!/usr/bin/python | |
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer | |
PORT_NUMBER = 31337 | |
class myHandler(BaseHTTPRequestHandler): | |
#Handler for the GET requests | |
def do_GET(self): | |
self.send_response(200) |
#usr/bin/python | |
#Faid Mohammed Amine | |
#Fb : piratuer | |
from pwn import * | |
import sys | |
#!/usr/bin/python | |
from z3 import * | |
orig = [0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70] | |
shuf = [0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x65, 0x66, 0x67, 0x68, 0x61, 0x62, 0x63, 0x64] | |
x = [0xb8, 0x13, 0x0, 0xcd, 0x10, 0xf, 0x20, 0xc0, 0x83, 0xe0, 0xfb, 0x83, 0xc8, 0x2, 0xf, 0x22] | |
d = [0x270,0x211,0x255,0x229,0x291,0x25E,0x233,0x1F9,0x278,0x27B,0x221,0x209,0x25D,0x290,0x28F,0x2DF] |
#usr/bin/python | |
#Faid Mohammed Amine | |
#Fb : piratuer | |
from pwn import * | |
libc = ELF("libc-2.23.so") | |
r = remote("pwn.chal.csaw.io", 3764) |
#usr/bin/python | |
#Faid Mohammed Amine | |
#Fb : piratuer | |
from pwn import * | |
con = remote('pwn.chal.csaw.io',8464) | |
con.recvuntil("Location:") |
Extracting Files (16 Go) | |
Using FTK Imager and go to (var/www/) | |
You will find login.pl & index.pl & username.txt & password.txt | |
login ( admin : iforgotaboutthemathtest ) | |
flag : flag{but_I_f0rgot_my_my_math_test_and_pants} | |
#!/usr/bin/perl | |
if ($ENV{'REQUEST_METHOD'} eq "POST") { |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
Steganography: the art of hiding in plain sight. Messages specifically. These are a series of tools that aid in embedding messages in digital files.
While steganography provides obscurity, it does not strictly provide security. Before hiding your message using any of these scripts, it's suggested you encode your message (try PGP/GnuPG encryption or put it in a TrueCrypt container if you're at a loss).
The PNG file format divides the image data into 'chunks', and allows for additional, private chunks to be added by image editors. This script takes the message you wish to embed and saves it as binary data in such an ancillary chunk.
The files being embedded are compressed with bzip2
compression if they're not already a bzip2
archive. This is different from the `