Skip to content

Instantly share code, notes, and snippets.

@CTurt
CTurt / iop.c
Created Sep 16, 2019
Find location in IOP RAM to patch for sbv_patch_disable_prefix_check
View iop.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;
@CTurt
CTurt / named.c
Last active Sep 3, 2017
C named array elements
View named.c
/*
Abusing C preprocessor to allow you declare enumerator values for each item of an array, inline of the array definition - so that you don't have to repeat list twice like this:
enum {
ITEM_ONE,
ITEM_TWO,
...
};
struct type array[] = {
View udp.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
void server(void) {
int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
@CTurt
CTurt / x.c
Created Jan 30, 2016
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add
View x.c
/*
PoC for kernel stack overflow in sysctl handler for kern.binmisc.add:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206761#c0
su
kldload imgact_binmisc
./x
- CTurt
@CTurt
CTurt / nfssvc.c
Last active Apr 13, 2016
FreeBSD nfssvc system call integer overflow
View nfssvc.c
/*
PoC for FreeBSD kernel integer overflow in nfssvc system call
Refer to bug report here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206626
System call only accessible as root.
Running this test will panic affected versions of FreeBSD.
clang nfssvc.c -o n
su
@CTurt
CTurt / hptmv.c
Last active Jan 25, 2016
FreeBSD hpt_set_info heap overflow PoC
View hptmv.c
/*
FreeBSD kernel vulnerability PoC for:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206585#c2
Needs to be run as root.
If hptmv kernel module not loaded:
kldload hptmv
Using:
@CTurt
CTurt / gist:27fe7f3c241f69be19e5
Created Dec 14, 2015
PS4 kernel exploit tease (root FS dump, and list of PIDs)
View gist:27fe7f3c241f69be19e5
[+] Entered shellcode
[+] UID: 0, GID: 0
[DIR]: .
[DIR]: ..
[DIR]: adm
[DIR]: app_tmp
[DIR]: data
[DIR]: dev
[DIR]: eap_user
[DIR]: eap_vsh
View main.c
// Bitmask calculator
#include <stdio.h>
int n = 0x33;
int main(void) {
int i;
for(i = 0; i < 20; i++) {
if(n & (1 << i)) printf("%d | ", 1 << i);
View main.c
#include <stdio.h>
#include "preoop.h"
#include "exception.h"
#define objects(a, b) objectList(a,\
objectEntry(fileReader, b)\
)
object(fileReader,
You can’t perform that action at this time.