CreateRemoteThread
/ ekoparty-rev250.py
Created
October 29, 2016 00:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import angr | |
| p = angr.Project('FUck_binary') | |
| pg = p.factory.path_group() | |
| pg.explore(find=lambda p: "Your flag is " in p.state.posix.dumps(1)) | |
| s = pg.found[0].state | |
| f = open("fuck","wb") | |
| f.write(s.posix.dumps(0)) |
CreateRemoteThread
/ hackthevote-pwn100.py
Created
November 7, 2016 09:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| print "1" | |
| print "test" | |
| print "test" | |
| print "123" | |
| print "456" | |
| print "3" | |
| print "test" | |
| print "test" |
CreateRemoteThread
/ hackcon-angryreverser.py
Created
November 10, 2016 11:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import angr | |
| import simuvex | |
| class hooked_ptrace(simuvex.SimProcedure): | |
| def run(self,a,b,c,d,e): | |
| return self.state.se.Extract(31,0,e) | |
| p = angr.Project('yolomolo_patch2') |
CreateRemoteThread
/ startcon-12.py
Created
November 29, 2016 04:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import pwn | |
| import sys | |
| def constructPayload(instr): | |
| cPlLen = len(instr) | |
| cPlTotal = instr + "+" * (99 - cPlLen) | |
| return cPlTotal |
CreateRemoteThread
/ sharif-playfake.py
Created
December 18, 2016 13:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from random import randint, choice | |
| from string import ascii_uppercase | |
| from hashlib import md5 | |
| # from secret import msg, key | |
| # assert (len(key) == 5) and key.isalpha() and key.isupper() | |
| # "msg" is a meaningful English sentence. | |
| # assert all(x.isalpha() or x.isspace() for x in msg) | |
| # assert "SharifCTF" in msg |
CreateRemoteThread
/ sharif-playfake-original.py
Created
December 18, 2016 13:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from random import randint, choice | |
| from string import ascii_uppercase | |
| from hashlib import md5 | |
| from secret import msg, key | |
| assert (len(key) == 5) and key.isalpha() and key.isupper() | |
| # "msg" is a meaningful English sentence. | |
| assert all(x.isalpha() or x.isspace() for x in msg) | |
| assert "SharifCTF" in msg |
CreateRemoteThread
/ sharif-rev300-xor.py
Created
December 18, 2016 13:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import base64 | |
| a = "fx1uagMGQQMWOWhyFBxnBUdzN35NPWYHUBQHRmozeEY=" | |
| pw = "My_S3cr3t_P@$$W0rD\0" | |
| out = "" | |
| msg = base64.b64decode(a) | |
| print len(msg) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| int main() | |
| { | |
| char fmtstring[1024]; | |
| // memset(fmtstring,0,1024); | |
| while(1) |
CreateRemoteThread
/ sample-fmtstring-leak.py
Created
December 23, 2016 01:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import binascii | |
| import pwn | |
| import sys | |
| RHOST = "localhost" | |
| RPORT = 54514 | |
| def leakStringAt(s,address): |
CreateRemoteThread
/ 33c3-pdfmaker-original.py
Created
December 29, 2016 20:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2.7 | |
| # -*- coding: utf-8 -*- | |
| import signal | |
| import sys | |
| from random import randint | |
| import os, pipes | |
| from shutil import rmtree | |
| from shutil import copyfile | |
| import subprocess |