H4niz
/ gist:e937ea219020082d9c8c196ae8653f0a
Created
June 10, 2022 08:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AFL_USE_ASAN=1 export CC=afl-gcc | |
| AFL_USE_ASAN=1 export CXX=afl-g++ | |
| AFL_USE_ASAN=1 export CFLAGS="-g -O0 -lpthread" | |
| AFL_USE_ASAN=1 export CXXFLAGS="-g -O0 -lpthread" | |
| AFL_USE_ASAN=1 make | |
| AFL_USE_ASAN=1 make install |
H4niz
/ gist:2d794d761276f3b1d76dc4a876ee4d3a
Created
June 10, 2022 07:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git clone https://github.com/vim/vim | |
| cd vim | |
| Compile with ASAN: https://aflplus.plus/docs/notes_for_asan/ | |
| AFL_USE_ASAN=1 ./configure CC=afl-gcc CXX=afl-g++ CFLAGS="-g -O0" CXXFLAGS="-g -O0" | |
| AFL_USE_ASAN=1 make | |
| AFL_USE_ASAN=1 make install |
H4niz
/ frida-hook.py
Created
July 16, 2019 13:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #python code | |
| import frida | |
| import time | |
| #========= INIT ============ | |
| _PACKAGE_ = "owasp.mstg.uncrackable1" | |
| _HOOKINGSCRIPT_ = "hooking_script.js" | |
| def on_message(message, data): |
H4niz
/ frida-hook.py
Created
June 17, 2019 10:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #python code | |
| import frida | |
| import time | |
| #========= INIT ============ | |
| _PACKAGE_ = "com.product.name" | |
| _HOOKINGSCRIPT_ = "hooking_script.js" | |
| def on_message(message, data): |
H4niz
/ _IO_wide_data.c
Created
April 9, 2019 22:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Extra data for wide character streams. */ | |
| struct _IO_wide_data | |
| { | |
| wchar_t *_IO_read_ptr; /* Current read pointer */ | |
| wchar_t *_IO_read_end; /* End of get area. */ | |
| wchar_t *_IO_read_base; /* Start of putback+get area. */ | |
| wchar_t *_IO_write_base; /* Start of put area. */ | |
| wchar_t *_IO_write_ptr; /* Current put pointer. */ | |
| wchar_t *_IO_write_end; /* End of put area. */ | |
| wchar_t *_IO_buf_base; /* Start of reserve area. */ |
H4niz
/ _IO_jump_t.c
Created
April 9, 2019 22:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct _IO_jump_t | |
| { | |
| JUMP_FIELD(size_t, __dummy); | |
| JUMP_FIELD(size_t, __dummy2); | |
| JUMP_FIELD(_IO_finish_t, __finish); | |
| JUMP_FIELD(_IO_overflow_t, __overflow); | |
| JUMP_FIELD(_IO_underflow_t, __underflow); | |
| JUMP_FIELD(_IO_underflow_t, __uflow); | |
| JUMP_FIELD(_IO_pbackfail_t, __pbackfail); | |
| /* showmany */ |
H4niz
/ _IO_FILE.c
Created
April 9, 2019 22:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct _IO_FILE { | |
| int _flags; /* High-order word is _IO_MAGIC; rest is flags. */ | |
| #define _IO_file_flags _flags | |
| /* The following pointers correspond to the C++ streambuf protocol. */ | |
| /* Note: Tk uses the _IO_read_ptr and _IO_read_end fields directly. */ | |
| char* _IO_read_ptr; /* Current read pointer */ | |
| char* _IO_read_end; /* End of get area. */ | |
| char* _IO_read_base; /* Start of putback+get area. */ | |
| char* _IO_write_base; /* Start of put area. */ |
H4niz
/ _IO_flush_all_lockp.c
Created
April 9, 2019 22:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int | |
| _IO_flush_all_lockp (int do_lock) | |
| { | |
| int result = 0; | |
| struct _IO_FILE *fp; | |
| int last_stamp; | |
| #ifdef _IO_MTSAFE_IO | |
| __libc_cleanup_region_start (do_lock, flush_cleanup, NULL); | |
| if (do_lock) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| If not the first time through, we require old_size to be | |
| at least MINSIZE and to have prev_inuse set. | |
| */ | |
| assert ((old_top == initial_top (av) && old_size == 0) || | |
| ((unsigned long) (old_size) >= MINSIZE && | |
| prev_inuse (old_top) && | |
| ((unsigned long) old_end & (pagesize - 1)) == 0)); | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| __DEBUG__ = 0 | |
| __FILE__ = "./babystack" | |
| ELF(__FILE__) | |
| __BIN__ = "" | |
| __HOST__ = "chall.pwnable.tw" |
NewerOlder