0xTowel

@0xTowel
0xTowel / bsgs.py
Last active August 1, 2023 16:49
Simple Baby-Step-Giant-Step implementation in Python3 for finding discrete logs with a prime modulus
#!/usr/bin/env python3
# -*- coding:utf-8 -*-
# Towel 2017
from math import ceil, sqrt
def bsgs(g, h, p):
    '''
    Solve for x in h = g^x mod p given a prime p.
@0xTowel
0xTowel / SeeSP.c
Created November 13, 2017 20:48
Simple program that prints the stack pointer. Useful for manual ASLR checking.
/* SeeSP: Print the value of the stack pointer.
* Build: gcc SeeSP.c -o SeeSP
*
* Towel - 2017
*/
#include <stdio.h>
#include <inttypes.h>
int main(void)
{
@0xTowel
0xTowel / naslr.c
Last active November 14, 2017 20:39
Naslr - A POC to start a bash shell with no ASLR via SYS_personality.
/* Naslr: Starts a bash shell with no ASLR
* Build: gcc naslr.c -o naslr
*
* Towel - 2017
*/
#include <sys/personality.h>
#include <syscall.h>
#include <unistd.h>
#include <stdlib.h>
#include <err.h>
/*
* ------------------------------------------------------------
* "THE MATEWARE LICENSE" (Revision 1):
* <author> wrote this code. As long as you retain this notice,
* you can do whatever you want with this code. If you meet
* <author> someday, and you think this code is worth it,
* you can buy <author> a mate in return.
* ------------------------------------------------------------
*/
@0xTowel
0xTowel / .vimrc
Last active November 5, 2018 03:48
A bare-minimum, portable vimrc. Not pretty or fancy.
" My bare-minimum, portable vimrc
inoremap <special> jk <ESC>
inoremap <special> kj <ESC>
set clipboard^=unnamedplus
set relativenumber
set number
set backspace=eol,start,indent
set whichwrap+=<,>,h,l
set ignorecase
@0xTowel
0xTowel / shell_32.asm
Last active September 1, 2020 02:04
Simple 21-byte x86 shellcode
BITS 32
global _start
section .text
SYS_EXECVE equ 0x0b
_start:
xor ecx, ecx ; argv to zero
mul ecx ; envp to zero, eax to zero
add al, SYS_EXECVE ; syscall 11 for execve
@0xTowel
0xTowel / whitespace_bytes.md
Last active February 22, 2019 03:25
A list of bytes which are considered whitespace in C and POSIX locales and terminate calls such as scanf("%s")

The following bytes are considered whitespace in C and POSIX locales:

0c0a0d090b20

They will end input to functions such as scanf("%s").

Byte   Escape Sequence   Name
0c     \f                form-feed
0a     \n                newline
@0xTowel
0xTowel / biggars_fireshell2019.sage
Last active July 25, 2019 18:37
Compute multi-prime RSA using CRT due to large modulus (Biggars challenge, FireShell CTF 2019)
#!/usr/bin/env sage
# -*- coding: utf-8 -*-
# Towel 2019
"""
Solution to 'Biggars' challenge from FireShell CTF 2019.
A multi-prime RSA computation with large N requiring CRT
to compute d rather than normal fast-power algorithm.
"""
@0xTowel
0xTowel / .gef.rc
Created January 28, 2019 22:13
gef config for a simpler layout (more like peda)
[context]
clear_screen = True
layout = regs code stack memory args extra
show_registers_raw = False
nb_lines_stack = 6
@0xTowel
0xTowel / rsrcdump.py
Created May 14, 2019 09:08
An example tool to dump resources from a file using radare2
#!/usr/bin/env python3
"""A small example utility to demonstrate r2pipe scripting
by extracting resources from a file.
Written as an example for someone on IRC.
--Towel, 2019
"""
import r2pipe