Skip to content

Instantly share code, notes, and snippets.

View FrancoisCapon's full-sized avatar

François Capon FrancoisCapon

44 followers · 0 following
View GitHub Profile
@FrancoisCapon
FrancoisCapon / CVE-2022-39224.md
Created June 24, 2025 11:11
CVE-2022-39224 POC (ARR-PM 0.0.11) in a Docker Container
@FrancoisCapon
FrancoisCapon / docx2ttf.py
Last active May 2, 2025 09:09
Extracts embedded fonts from a Microsoft Word Document (.docx)
#!/usr/bin/env python3
# Standard Library
import zipfile, xml.etree.ElementTree, shutil, os, sys, pathlib
# Classes and Associations
# [Docx] (1)---(1) [DocxFonts] (1)---(1..n) [DocxFont] (1)---(0..n) [DocxOdttfFont]
class Docx():
@FrancoisCapon
FrancoisCapon / ProperlyUpdateCookiesValueWithPythonRequests.md
Last active February 26, 2025 07:34
Properly Update Cookies Value With Python Requests

Properly Update Cookies Value With Python Requests

⚠️ Using http_session.cookies['name'] or http_session.cookies.set('name', 'value') will duplicate the cookie.

🎲 By chance, Requests takes the last created, but it's possible to do it properly by using the domain

📄 class requests.cookies.RequestsCookieJar(policy=None)

import requests
@FrancoisCapon
FrancoisCapon / CaptureFlagsInFilesWithStrings.md
Last active December 16, 2023 09:33
Capture CTF flags in files with strings tool

Capture flags in files with strings

#!/bin/bash

# Parameters example
# Disclaimer: any resemblance to actual exercices or CTF is purely coincidental ;-)
files_pattern='pcap_??.pcap'
flags_pattern='.{8}-.{4}-.{4}-.{4}-.{12}'
@FrancoisCapon
FrancoisCapon / CVE-2016-2098.md
Created March 4, 2023 13:04
CVE-2016-2098 exploit with Requests using Python Interpreter
@FrancoisCapon
FrancoisCapon / A-JWT_ToolExploitRStoHSandTamper.md
Last active September 6, 2022 11:04
JWT_Tool: eXploits key confusion (RS -> HS) and interactively Tampers with the payload.
@FrancoisCapon
FrancoisCapon / GPPXMLCyberChefRecipeToDecryptPasswords.md
Last active November 17, 2022 17:19
Group Policy Preferences XML: CyberChef Recipe to Decrypt Passwords

Group Policy Preferences XML: CyberChef Recipe to Decrypt Passwords

index.html#recipe=Fork('\\n','\\n',false)From_Base64('A-Za-z0-9%2B/%3D',true)AES_Decrypt({'option':'Hex','string':'4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b'},{'option':'Hex','string':'00000000000000000000000000000000'},'CBC','Raw','Raw',{'option':'Hex','string':''},{'option':'Hex','string':''})Decode_text('UTF-16LE (1200)')
@FrancoisCapon
FrancoisCapon / UrlSafeWrapperOfTheGnuBase64Util.md
Last active December 14, 2023 15:11
Url Safe Wrapper of the GNU Base64 Util

Url Safe Wrapper of the GNU Base64 Util

The gnu base64 util has no option to handle the URL and Filename Safe Alphabet version (RFC 4648 / section 5) and basenc (was introduce in coreutils v8.31) is not installed on all hosts.

So just for training, I writed this wrapper in bash!

Wrapping Principle

This script is a wrapper that:

  • in encoding process:
@FrancoisCapon
FrancoisCapon / UIkitToggleableFilters.html
Created August 6, 2020 23:36
UIkit Toggleable Filters
<!DOCTYPE html>
<html>
<head>
<title>UIkit Toggleable Filters - François Capon</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- UIkit CSS -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/uikit/3.1.7/css/uikit.min.css">
<!-- UIkit JS -->
@FrancoisCapon
FrancoisCapon / Chart.jsForCTFDashboard.html
Last active July 3, 2020 17:23
Chart.js for CTF Dashboard
<!DOCTYPE html>
<html>
<head>
<link href="mini-default.css" rel="stylesheet">
<script src="chart.bundle.min.js"></script>
</head>
<body>
<h1>Chart.js for CTF Dashboard</h1>