@CTurt
CTurt / ocserver.go
Created February 23, 2022 00:07
Proof-of-concept Offensive Combat server
/*
# Proof-of-concept Offensive Combat server
I produced this because I was curious to try reversing some C# code,
and partly also for nostalgia reasons.
Since the official servers have been down it has been impossible to
even play the offline game modes. With this proof-of-concept, you can
at least launch into the tutorial for a bit.
@CTurt
CTurt / Bookmark
Last active January 24, 2021 13:47
Bookmark specific location within page without any id attributes; only works for pages that allow iframe
data:text/html,<html><body style="margin:0; padding:0;"><iframe id='i' src='http://forecast.weather.gov/MapClick.php?CityName=Las+Vegas&state=NV&site=VEF&textField1=36.175&textField2=-115.136&e=0' width=100% frameborder=0 margin=0 scrolling=no style="height: calc(100vh + 170px + 200px);"></iframe></body><script>window.scrollTo(0, 170);window.onscroll = function(e) {if((window.innerHeight + window.scrollY) >= document.body.offsetHeight - 200) {document.getElementById('i').style.height = window.innerHeight + window.scrollY + 200;}};</script></html>
@CTurt
CTurt / iop.c
Last active August 8, 2020 16:01
Find location of exported function in an IOP RAM dump (FlushDCache and FlushICache)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
@CTurt
CTurt / named.c
Last active September 3, 2017 13:13
C named array elements
/*
Abusing the C preprocessor to allow you to declare enumerator values for each item of an array, inline in the array definition - so that you don't have to repeat the list twice like this:
enum {
ITEM_ONE,
ITEM_TWO,
...
};
struct type array[] = {
@CTurt
CTurt / udp.c
Created April 30, 2017 16:41
UDP
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
void server(void) {
int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
@CTurt
CTurt / x.c
Created January 30, 2016 17:15
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add
/*
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761#c0
su
kldload imgact_binmisc
./x
- CTurt
@CTurt
CTurt / nfssvc.c
Last active April 13, 2016 19:08
FreeBSD nfssvc system call integer overflow
/*
PoC for FreeBSD kernel integer overflow in nfssvc system call
Refer to bug report here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206626
System call only accessible as root.
Running this test will panic affected versions of FreeBSD.
clang nfssvc.c -o n
su
@CTurt
CTurt / hptmv.c
Last active January 25, 2016 17:29
FreeBSD hpt_set_info heap overflow PoC
/*
FreeBSD kernel vulnerability PoC for:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585#c2
Needs to be run as root.
If hptmv kernel module not loaded:
kldload hptmv
Using:
@CTurt
CTurt / gist:27fe7f3c241f69be19e5
Created December 14, 2015 19:24
PS4 kernel exploit tease (root FS dump, and list of PIDs)
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
// Bitmask calculator
#include <stdio.h>
int n = 0x33;
int main(void) {
int i;
for(i = 0; i < 20; i++) {
if(n & (1 << i)) printf("%d | ", 1 << i);