
@bazad
bazad / vmmap.c
Last active January 4, 2024 16:32
A simple vmmap implementation for macOS.
// Brandon Azad (@_bazad)
#include <assert.h>
#include <errno.h>
#include <mach/mach.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@ricardo2197
ricardo2197 / return to dl-resolve.md
Last active March 1, 2024 19:31
Return-to dl-resolve

0ctf babystack with return-to dl-resolve

In this write-up I will discuss how I managed to solve the challenge "babystack" from 0ctf with a technique called return to dl-resolve. I did not know this kind of return-to attack before the contest. In the following sections a detailed explanation of the entire exploit will be presented.

1. Binary analysis

I downloaded the provided binary babystack and quickly fired up binaryninja alongside gdb to analyze it. I quickly realized a buffer overflow vulnerability is present within sub_804843b. My first approach was to solve this challenge using a return-to-libc attack by leaking the base address of the library and calling system in order to get a shell.
This technique is contingent on:

  1. Leaking libc base address
  2. Knowing the version of libc to get the offset of system.

However, the version of libc on the remote server was unknown and the ELF did not provide any function that can be us

@DaniSancas
DaniSancas / neo4j_cypher_cheatsheet.md
Created June 14, 2016 23:52
Neo4j's Cypher queries cheatsheet

Neo4j Tutorial

Fundamentals

Store any kind of data using the following graph concepts:

  • Node: Graph data records
  • Relationship: Connect nodes (has direction and a type)
  • Property: Stores data in key-value pair in nodes and relationships
  • Label: Groups nodes and relationships (optional)
@mtourne
mtourne / README.md
Last active July 6, 2022 16:30
zerorpc with zmq curve
@lyonanderson
lyonanderson / gist:5b8cc605be1c56b88978
Created February 26, 2015 16:42
Cycript to listen to XPC Messages being created
@import com.saurik.substrate.MS
var log = []
NSLog_ = dlsym(RTLD_DEFAULT, "NSLog")
NSLog = function() {
    var types = 'v', args = [], count = arguments.length;
    for (var i = 0; i != count; ++i) { types += '@'; args.push(arguments[i]); }
    new Functor(NSLog_, types).apply(null, args);
}
_CFXPCCreateXPCMessageWithCFObject = dlsym(RTLD_DEFAULT, "_CFXPCCreateXPCMessageWithCFObject");
_CFXPCCreateXPCMessageWithCFObject = @encode(void *(NSDictionary * object))(_CFXPCCreateXPCMessageWithCFObject)
_CFXPCCreateXPCMessageWithCFObject_Old = {}
MS.hookFunction(_CFXPCCreateXPCMessageWithCFObject, function(object) {
    var result = (*_CFXPCCreateXPCMessageWithCFObject_Old)(object);
    log.push(object);
    NSLog("Object>>: " + object);
    return result
}, _CFXPCCreateXPCMessageWithCFObject_Old)
@ccbrown
ccbrown / DumpHex.c
Last active March 27, 2024 17:32
Compact C Hex Dump Function w/ASCII
#include <stdio.h>
void DumpHex(const void* data, size_t size) {
    char ascii[17];
    size_t i, j;
    ascii[16] = '\0';
    for (i = 0; i < size; ++i) {
        printf("%02X ", ((unsigned char*)data)[i]);
        if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') {
            ascii[i % 16] = ((unsigned char*)data)[i];
@jacobvosmaer
jacobvosmaer / gist:3187346
Created July 27, 2012 10:35
Open all files with git merge conflicts in Vim

Open all files with git merge conflicts in MacVim

git diff --name-only | uniq | xargs mvim

When git encounters a merge conflict, e.g. during a rebase, it drops you back into the shell with a dirty working directory. I like this one-liner for opening all files with a merge conflict in MacVim.

Once you're in Vim, you can then switch between the files with :n and :prev, or another favourite: :w | n (save current file and open the next command line-supplied file).

UPDATE: see below for a version that works with real terminal commands.