39 matches found
h1-ctf: h1-ctf : 12 days of hack holiday writeup
Summary This was a real fun CTF and I really enjoyed solving the challenges. Great job on creating the challenges. This is my writeup for the "12 Days of Hacky Holidays CTF". I hope you enjoy reading it, and I hope others reading it will pick up a trick or two. Flags: This is all the flags found...
Understanding Binary and Data Representation with CyberChef
A significant part of reverse engineering and attacking devices relies on viewing and recognising data in various forms and working out how to decode it. We typically use Linux tools and scripts to do this, but you can make the first few steps using a really neat online tool called CyberChef. Wha...
PE Tree - Python Module For Viewing Portable Executable (PE) Files In A Tree-View
Python module for viewing Portable Executable PE files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview...
h1-ctf: [H1-2006 2020] Writeup
^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$ Prologue The CTF was announced in a Hacker0x01 tweet. The goal is to make payments from Marten Mickos' account on BountyPayHQ. The announcement tweet was followed shortly by a retweet of BountypayHQ, an account made for the event. BountypayHQ has one...
Chepy - A Python Lib/Cli Equivalent Of The Awesome CyberChef Tool.
Chepy is a python library with a handy cli that is aimed to mirror some of the capabilities of CyberChef. A reasonable amount of effort was put behind Chepy to make it compatible to the various functionalities that CyberChef offers, all in a pure Pythonic manner. There are some key advantages and...
Hardcoding Keys. Is that Wyse?
A couple of years ago, we were testing a large system of around 3000 Wyse terminals, all operating unattended. To configure themselves, they download a configuration file called wlx.ini from a webserver. This file contained a few fields that seemed interesting - ChangeRootPassword and...
Cross-Site Scripting
Overview Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary...
CyberChef Cross-Site Scripting Vulnerability
CyberChef is a web application with encryption, encoding, compression and data analysis . A cross-site scripting vulnerability exists in the core/operations/TextEncodingBruteForce.mjs file in versions of CyberChef prior to 8.31.2, which can be exploited by an attacker to execute client-side code...
Cross-Site Scripting in cyberchef
Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript ...
GHSA-JP6R-XCJJ-5H7R Cross-Site Scripting in cyberchef
Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript ...
Cross-Site Scripting (XSS)
cyberchef is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript code into a victim's browser via the text encoding brute force process...
CVE-2019-15532
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...
CVE-2019-15532
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...
Cross site scripting
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...
CVE-2019-15532
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs...
CVE-2019-15532
CyberChef before version 8.31.2 is affected by a Cross-Site Scripting (XSS) vulnerability in core/operations/TextEncodingBruteForce.mjs. The issue, described across multiple sources (NVD/NVD-derived records and public advisories), arises when un sanitized user-controlled values are embedded into ...
CyberChef - The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis]
The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression an...
CyberChef - The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis]
The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression an...
Cyber Swiss Army Knife: CyberChef
Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include creating hexdumps, simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, data compression and...