JOUET Romain BZHugs
BZHugs / poc.c
Created February 28, 2022 16:53 — forked from jakeajames/poc.c
CVE-2021-30955 PoC
#include <stdlib.h>
#include <stdio.h>
#include <pthread/pthread.h>
#include <mach/mach.h>
struct ool_msg {
    mach_msg_header_t hdr;
    mach_msg_body_t body;
    mach_msg_ool_ports_descriptor_t ool_ports[];
};
hardware name   commercial name
iPhone14,5      iPhone 13
iPhone14,4      iPhone 13 mini
iPhone14,3      iPhone 13 Pro Max
iPhone14,3      iPhone 13 Pro
iPhone13,4      iPhone 12 Pro Max
iPhone13,3      iPhone 12 Pro
iPhone13,2      iPhone 12
iPhone13,1      iPhone 12 mini
BZHugs / pkexec.c
Created January 26, 2022 11:02 — forked from darrenmartyn/pkexec.c
/*
* For original see haxx.in/files/blasty-vs-pkexec.c
*
* this version is just using some awful hack to
* avoid having to call gcc on the target box.
* this version's fragile - must be named payload.so
* might add better detection later, whatever.
* all credit to bl4sty for the actual exploit,
* I just made some changes for my usecase.
* you will have to change the interp for diff
BZHugs / from_phenol_with_fail.py
Last active July 23, 2020 12:38
from_phenol_with_fail :)
from pwn import *
context.arch = 'x86'
context.bits = 32
context.endian = 'little'
context.os = 'linux'
context.log_level = 'warning'
dbg = False
BZHugs / stage3.py
Last active June 14, 2019 17:08
Rich 3
# coding: utf8
'''
ssh defi3.challengecybersec.fr -l defi3 -p 2222
password: DGSE{?uo20tPO4(o=A=dX3njr2y{emZQodR}
'''
from pwn import *
import struct
BZHugs / iot.md
Last active June 11, 2023 11:01

STM32MP1_sdk

change the Docker default IP address pool

sudo nano /etc/docker/daemon.json

{
  "default-address-pools":
  [
BZHugs / WIRED_CSV.md
Last active September 21, 2018 12:54
  • 0 : black: p23 (~K0) Keyboard Scan Output
  • 1 : brown: p22 (~K1) Keyboard Scan Output
  • 2 : red: p21 (~K2) Keyboard Scan Output
  • 3 : orange: p20 (K3) Keyboard Scan Output
  • 4 : yellow: p19 (K4) Keyboard Scan Output
  • 5 : green: p18 (~K5) Keyboard Scan Output
  • 6 : blue: p25 (~KR1) Keyboard Row strobe Input
  • 7 : purple: p16 (~KR2) Keyboard Row strobe Input

https://en.wikipedia.org/wiki/POKEY#Pinout

BZHugs / README.md
Last active June 12, 2018 13:55
Example of code optimisation (remove libc)
root@laptop [02:00:10] [~/Documents/pentest/cours] 
-> # ls -alh opti printf-libc
-rwxr-xr-x 1 root root 1,5K juin  12 14:00 opti
-rwxr-xr-x 1 root root 726K juin  12 14:00 printf-libc

root@laptop [02:00:26] [~/Documents/pentest/cours] 
-> # ./opti arg1 arg2 arg3    
./opti
arg1
BZHugs / soupstitution.py
Created February 21, 2018 13:28
Solution for soupstitution Cipher EasyCTF 2018
#!/usr/bin/env python3
# coding: utf8
# every Unicode digit character, in reverse code point order
alpha = [chr(i) for i in range(999999) if chr(i).isdigit()][::-1]

def fcn2(txt):
    # accumulate the decimal value of an ASCII digit string
    a = 0
    for c in txt:
        a *= 10
        a += ord(c) - ord('0')
# digits, upper case, lower case, and underscore
alphabet = [chr(n) for n in range(48, 58)] + [chr(n) for n in range(65, 91)] + [chr(n) for n in range(97, 123)] + [chr(95)]
verif = [160, 155, 208, 160, 190, 215, 237, 134, 210, 126, 212, 222, 224, 238, 128, 240, 164, 213, 183, 192, 162, 178, 163, 162]

def crypt(a, b):
    return a + (b ^ 21)

flaglength = len(verif)  # 24
start = "34C3_mo4r_"