A DIY Theme for Oh My ZSH
See below
I am trying to open a crafted XML file, and the program keeps running without stopping.
In the function svg_probe from libavformat/img2dec.c
static int svg_probe(AVProbeData *p)
{
const uint8_t *b = p->buf;
const uint8_t *end = p->buf + p->buf_size;
if (memcmp(p->buf, "
vulnerable function:
parse_outputs from libavfilter/graphparser.c
static int parse_outputs(const char **buf, AVFilterInOut **curr_inputs,
AVFilterInOut **open_inputs,
AVFilterInOut **open_outputs, void *log_ctx)
{
int ret, pad = 0;
vulnerable function:
export from libavfilter/vf_signature.c
static int export(AVFilterContext *ctx, StreamContext *sc, int input)
{
SignatureContext* sic = ctx->priv;
char filename[1024];
# -*- coding: utf-8 -*-
import requests
import re
import json
import time
from smtplib import SMTP_SSL
from email.header import Header
from email.mime.text import MIMEText
last_msg_time = None
# -*- coding: utf-8 -*-
from pwn import *
from time import sleep
import requests
import json
global map_elems, token, myx, myy
TIMEOUT = 0.5
URL = 'http://10.13.37.1:8080/state.json'
# URL = 'http://10.168.4.66:8080/state.json'
#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = "Kira / AAA"
from pwn import context, remote, process, ELF
from pwn import pause, log
import sys
context.update(terminal='zsh')
p = None
_remote = False
#!/bin/bash
CONFIG_PATH=~/Library/ApplicationSupport/Code
for i in $CONFIG_PATH/User/workspaceStorage/*; do
  if [ -f $i/workspace.json ]; then
    folder="$(python3 -c "import sys, json; print(json.load(open(sys.argv[1], 'r'))['folder'])" $i/workspace.json 2>/dev/null | sed 's#^file://##;s/+/ /g;s/%\(..\)/\\x\1/g;')"
    if [ -n "$folder" ] && [ ! -d "$folder" ]; then
      echo "Removing workspace $(basename $i) for deleted folder $folder of size $(du -sh $i|cut -f1)"
The challenge requires players to write shellcode implementing MD5. The limitations are:
You can find an assembly implementation that meets these demands: https://www.nayuki.io/page/fast-md5-hash-implementation-in-x86-assembly
The challenge uses the Django framework to host a website, and a binary service written in C++ provides data access.
The web service only has one potential vulnerability. It uses Django-redis to store session data. This library uses pickle to serialize data. This is vulnerable if an attacker is able to control both the cache key and data.
Luckily, the provided binary service makes both possible. You can write a blog post (the cache content) with content you control, so the only remaining problem is the cache key. One obvious difference between this binary and typical ones is that it is compiled with AddressSanitizer to detect memory corruption bugs. And we can check the binary service's output from the web interface, even its stderr!
The idea is to retrieve sensitive data from ASAN's bug report. I leave an easy-