Victor Shilin ChronoMonochrome

## ret2csu.md

      
              1 file
            
          
              2 forks
            
          
              2 comments
            
          
              19 stars
            
          
                kaftejiman
                / ret2csu.md
            
            
              Last active
              May 20, 2024 13:33
            
              
                ret2csu exploitation technique ROP pwn
              
          
    ret2csu

I wanted to make a clean and simple explanation of ret2csu exploitation technique as I didnt get it easily with the ressources I found on google.
As far as my understanding goes. You should take it with a grain of salt.
Tests carried on a AMD64 Linux Ubuntu.

Table of Contents


## hello.s
# Build:
#
# as -o hello.obj
# ld -o hello.exe hello.obj -L C:\\tools\\mingw64\\x86_64-w64-mingw32\\lib -lkernel32
#
# Requires MinGW

.extern GetStdHandle
.extern WriteFile
.extern ExitProcess

## m3u8-to-mp4.md

      
              1 file
            
          
              102 forks
            
          
              41 comments
            
          
              513 stars
            
          
                tzmartin
                / m3u8-to-mp4.md
            
            
              Last active
              July 19, 2024 13:51
            
              
                m3u8 stream to mp4 using ffmpeg
              
          
    1. Copy m3u8 link


2. Run command

echo "Enter m3u8 link:";read link;echo "Enter output filename:";read filename;ffmpeg -i "$link" -bsf:a aac_adtstoasc -vcodec copy -c copy -crf 50 $filename.mp4


## Android - Enable ADB from recovery.md

      
              1 file
            
          
              26 forks
            
          
              61 comments
            
          
              152 stars
            
          
                varhub
                / Android - Enable ADB from recovery.md
            
            
              Created
              December 23, 2016 17:54
            
              
                Android - Enable ADB from recovery
              
          
    Android - Enable ADB from recovery

Credits to @TheOnlyAnil-@Firelord[^stackoverflow]


Requirements:
a) stock recovery + rooted phone
b) custom recovery


Files changed:


## x11vnc-stack-smashing-detected-solution.mk
# Install x-related to compile x11vnc from source code.
sudo apt-get update
sudo apt-get install -y libxtst-dev libssl-dev libjpeg-dev

# Grep source code.
wget http://x11vnc.sourceforge.net/dev/x11vnc-0.9.14-dev.tar.gz
gzip -dc x11vnc-0.9.14-dev.tar.gz | tar -xvf -
cd x11vnc-0.9.14/
./configure --prefix=/usr/local CFLAGS='-g -O2 -fno-stack-protector -Wall'

## curl.md

      
              5 files
            
          
              998 forks
            
          
              104 comments
            
          
              3971 stars
            
          
                subfuzion
                / curl.md
            
            
              Last active
              July 18, 2024 17:12
            
              
                curl POST examples
              
          
    Common Options

-#, --progress-bar
Make curl display a simple progress bar instead of the more informational standard meter.
-b, --cookie <name=data>
Supply cookie with request. If no =, then specifies the cookie file to use (see -c).
-c, --cookie-jar <file name>
File to save response cookies to.

  
## mingw.sh
# We use Ubuntu 14.04 to build a native gcc for win32 with multilib support
#
# Based on:
# http://sourceforge.net/p/mingw-w64/wiki2/Native%20Win64%20compiler/
# http://sourceforge.net/p/mingw-w64/code/HEAD/tree/stable/v3.x/mingw-w64-doc/howto-build/mingw-w64-howto-build.txt?format=raw
#
# Cross compiling notes:
# - The minor version of gcc must match that of our cross compiler (4.8 in this case)
# - Important parameters: http://gcc.gnu.org/onlinedocs/gccint/Configure-Terms.html
#

## Game.rb
# encoding: utf-8
# @file    : Main.rb
# @desc    : Omni RGSSx Player
# @author  : Gab!
# @history : 2014/04/04

# Requires
require 'fiddle'
require 'fiddle/struct'
require 'fiddle/types'

## sqlite2csv.sh
#!/usr/bin/env bash

# obtains all data tables from database
TS=`sqlite3 $1 "SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name not like 'sqlite_%';"`

# exports each table to csv
for T in $TS; do

sqlite3 $1 <<!
.headers on

## Get address for ptmx_fops and perf_swevent_enabled
-- How to disassemble kernel
Disassemble uncompressed kernel image binary by arm-linux-androideabi-objdump command in ndk
arm-linux-androideabi-objdump --disassemble-all -b binary -m arm --adjust-vma=0xc0008000 kernel.Image > kernel.dasm


-- How to get address for variable ptmx_fops
ptmx_fops is used in function unix98_pty_init.

  unix98_pty_init()
  {
	# Build:
	#
	# as -o hello.obj
	# ld -o hello.exe hello.obj -L C:\\tools\\mingw64\\x86_64-w64-mingw32\\lib -lkernel32
	#
	# Requires MinGW

	.extern GetStdHandle
	.extern WriteFile
	.extern ExitProcess
	# Install x-related to compile x11vnc from source code.
	sudo apt-get update
	sudo apt-get install -y libxtst-dev libssl-dev libjpeg-dev

	# Grep source code.
	wget http://x11vnc.sourceforge.net/dev/x11vnc-0.9.14-dev.tar.gz
	gzip -dc x11vnc-0.9.14-dev.tar.gz \| tar -xvf -
	cd x11vnc-0.9.14/
	./configure --prefix=/usr/local CFLAGS='-g -O2 -fno-stack-protector -Wall'
	# We use Ubuntu 14.04 to build a native gcc for win32 with multilib support
	#
	# Based on:
	# http://sourceforge.net/p/mingw-w64/wiki2/Native%20Win64%20compiler/
	# http://sourceforge.net/p/mingw-w64/code/HEAD/tree/stable/v3.x/mingw-w64-doc/howto-build/mingw-w64-howto-build.txt?format=raw
	#
	# Cross compiling notes:
	# - The minor version of gcc must match that of our cross compiler (4.8 in this case)
	# - Important parameters: http://gcc.gnu.org/onlinedocs/gccint/Configure-Terms.html
	#
	# encoding: utf-8
	# @file : Main.rb
	# @desc : Omni RGSSx Player
	# @author : Gab!
	# @history : 2014/04/04

	# Requires
	require 'fiddle'
	require 'fiddle/struct'
	require 'fiddle/types'
	#!/usr/bin/env bash

	# obtains all data tables from database
	TS=`sqlite3 $1 "SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name not like 'sqlite_%';"`

	# exports each table to csv
	for T in $TS; do

	sqlite3 $1 <<!
	.headers on
	-- How to disassemble kernel
	Disassemble uncompressed kernel image binary by arm-linux-androideabi-objdump command in ndk
	arm-linux-androideabi-objdump --disassemble-all -b binary -m arm --adjust-vma=0xc0008000 kernel.Image > kernel.dasm


	-- How to get address for variable ptmx_fops
	ptmx_fops is used in function unix98_pty_init.

	unix98_pty_init()
	{