Michael Randrianantenaina Elkamika
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <stdlib.h> | |
| void vuln() | |
| { | |
| char key = 'A'; | |
| char name[32]; |
Elkamika
/ unroll.asm
Last active
June 29, 2019 06:04
Stack unrolling for 64 bit, Here using IP local address 127.0.0.1 located on the stack as signature.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SECTION .text | |
| global _start | |
| _start: | |
| add rsp, 0x8 | |
| cmp WORD [rsp], 0x0002 | |
| jne _start | |
| cmp DWORD [rsp + 4], 0x100007f |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| from struct import pack | |
| import sys | |
| import os | |
| def u8(x): | |
| return pack("B", x) | |
| conn = remote('localhost',8080) |
Elkamika
/ server-vuln.c
Created
June 29, 2019 05:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <netdb.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * FreeBSD net stack hooking | |
| * Used as demo for debugging and RCE in kernel space | |
| */ | |
| #include <sys/types.h> | |
| #include <sys/systm.h> | |
| #include <sys/module.h> | |
| #include <sys/errno.h> | |
| #include <sys/param.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SRCS=nethook.c | |
| KMOD=nethook | |
| .include <bsd.kmod.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pymod | |
| paths = 'A' * 10 | |
| pymod.func(paths) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Python.h> | |
| #define BUFF_ZIZE 30 | |
| static PyObject * | |
| pymod_func(PyObject *self, PyObject *args) | |
| { | |
| const char *buffargs; | |
| char *buffer[536]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from distutils.core import setup, Extension | |
| module1 = Extension('pymod', | |
| sources = ['pymod.c']) | |
| setup (name = 'pymod', | |
| version = '1.0', | |
| description = 'This is a modules', | |
| ext_modules = [module1]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <apr-1/apr_allocator.h> | |
| #define ALLOC_SIZE 100 | |
| int main(int argc, char const *argv[]) | |
| { | |
| /* code */ | |
| apr_allocator_t *allocator; | |
| apr_memnode_t *memory; |