Skip to content

Instantly share code, notes, and snippets.

Avatar

CTurt

View GitHub Profile
@CTurt
CTurt / Bookmark
Last active Jan 24, 2021
Bookmark specific location within page without any id attributes; only works for pages that allow iframe
View Bookmark
data:text/html,<html><body style="margin:0; padding:0;"><iframe id='i' src='http://forecast.weather.gov/MapClick.php?CityName=Las+Vegas&state=NV&site=VEF&textField1=36.175&textField2=-115.136&e=0' width=100% frameborder=0 margin=0 scrolling=no style="height: calc(100vh + 170px + 200px);"></iframe></body><script>window.scrollTo(0, 170);window.onscroll = function(e) {if((window.innerHeight + window.scrollY) >= document.body.offsetHeight - 200) {document.getElementById('i').style.height = window.innerHeight + window.scrollY + 200;}};</script></html>
@CTurt
CTurt / iop.c
Last active Aug 8, 2020
Find location of exported function in an IOP RAM dump (FlushDCache and FlushICache)
View iop.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
@CTurt
CTurt / named.c
Last active Sep 3, 2017
C named array elements
View named.c
/*
Abusing C preprocessor to allow you declare enumerator values for each item of an array, inline of the array definition - so that you don't have to repeat list twice like this:
enum {
ITEM_ONE,
ITEM_TWO,
...
};
struct type array[] = {
@CTurt
CTurt / udp.c
Created Apr 30, 2017
UDP
View udp.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
void server(void) {
int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
@CTurt
CTurt / x.c
Created Jan 30, 2016
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add
View x.c
/*
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761#c0
su
kldload imgact_binmisc
./x
- CTurt
@CTurt
CTurt / nfssvc.c
Last active Apr 13, 2016
FreeBSD nfssvc system call integer overflow
View nfssvc.c
/*
PoC for FreeBSD kernel integer overflow in nfssvc system call
Refer to bug report here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206626
System call only accessible as root.
Running this test will panic affected versions of FreeBSD.
clang nfssvc.c -o n
su
@CTurt
CTurt / hptmv.c
Last active Jan 25, 2016
FreeBSD hpt_set_info heap overflow PoC
View hptmv.c
/*
FreeBSD kernel vulnerability PoC for:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585#c2
Needs to be run as root.
If hptmv kernel module not loaded:
kldload hptmv
Using:
@CTurt
CTurt / gist:27fe7f3c241f69be19e5
Created Dec 14, 2015
PS4 kernel exploit tease (root FS dump, and list of PIDs)
View gist:27fe7f3c241f69be19e5
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
@CTurt
CTurt / main.c
Created Jul 30, 2015
View main.c
// Bitmask calculator
#include <stdio.h>
int n = 0x33;
int main(void) {
int i;
for(i = 0; i < 20; i++) {
if(n & (1 << i)) printf("%d | ", 1 << i);
@CTurt
CTurt / main.c
Last active Jan 13, 2021
View main.c
#include <stdio.h>
#include "preoop.h"
#include "exception.h"
#define objects(a, b) objectList(a,\
objectEntry(fileReader, b)\
)
object(fileReader,