
LiveOverflow

LiveOverflow / test.js
Last active Jul 11, 2019
Revisiting JavaScriptCore Internals: boxed vs. unboxed - browser 0x06
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / test.js
Created Jun 22, 2019
Browser Exploitation - browser 0x05
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / test.js
Last active Jun 22, 2019
Browser Exploitation - browser 0x04
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / Dockerfile
Created May 18, 2019
ubuntu:18.04 CTF Docker
# CTF analysis/debugging image built on the ubuntu:18.04 base.
# NOTE(review): the base is referenced by tag only; pin it by digest if the build must be reproducible.
FROM ubuntu:18.04
# Set the character-type locale to C.UTF-8 for every later build step and for containers run from the image.
ENV LC_CTYPE C.UTF-8
# One RUN layer: installs tracing/debugging/build packages with apt, then pulls extra tooling
# (gef, ROPgadget, capstone/keystone/unicorn/ropper, radare2, i386 runtime libs, ARM toolchain) from upstream.
# NOTE(review): several steps execute or install unverified remote content during the build:
#   - gef.sh is fetched from the master branch and piped straight into sh, with no pinned commit or checksum;
#   - ROPgadget and radare2 are cloned without a pinned tag/commit, and radare2's sys/install.sh is run from that checkout;
#   - pip/pip3 packages are installed without version pins or hashes;
#   - the ARM toolchain tarball is downloaded with wget and no digest check is visible here.
# Pin refs/versions and verify digests before using this image anywhere other than a throwaway lab.
# NOTE(review): confirm `pwn` is the intended PyPI package name for the pwntools install.
RUN apt-get update && apt-get install -y strace ltrace curl wget gcc net-tools vim gdb python python3 python3-pip wget git make procps libpcre3-dev libdb-dev libxt-dev libxaw7-dev python-pip && (wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh) && pip install capstone && mkdir tools && cd tools && git clone https://github.com/JonathanSalwan/ROPgadget && pip3 install keystone-engine && pip3 install unicorn && pip3 install capstone && pip3 install ropper && pip3 install keystone-engine && pip install requests && pip install pwn && git clone https://github.com/radare/radare2 && cd radare2 && sys/install.sh && pip install r2pipe && dpkg --add-architecture i386 && apt update && apt install -y libc6:i386 libncurses5:i386 libstdc++6:i386 && wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2?revision=bc2c96c0-14b5-4bb4-9f18-bceb4050fee7?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Lin
LiveOverflow / fuzz.html
Created Apr 7, 2019
Fuzz innerHTML vs. DOMParser
<html>
<body>
<script>
const tags = ["a", "abbr", "address", "area", "article", "aside", "audio", "b", "base", "bdi", "bdo", "blockquote", "body", "br", "button", "canvas", "caption", "cite", "code", "col", "colgroup", "data", "datalist", "dd", "del", "details", "dfn", "dialog", "div", "dl", "dt", "em", "embed", "fieldset", "figcaption", "figure", "footer", "form", "h1", "h2", "h3", "h4", "h5", "h6", "head", "header", "hgroup", "hr", "html", "i", "iframe", "img", "input", "ins", "kbd", "keygen", "label", "legend", "li", "link", "main", "map", "mark", "math", "menu", "menuitem", "meta", "meter", "nav", "noscript", "object", "ol", "optgroup", "option", "output", "p", "param", "picture", "pre", "progress", "q", "rb", "rp", "rt", "rtc", "ruby", "s", "samp", "script", "section", "select", "slot", "small", "source", "span", "strong", "style", "sub", "summary", "sup", "svg", "table", "tbody", "td", "template", "textarea", "tfoot", "th", "thead", "time", "title", "tr", "track", "u", "ul", "var", "video", "wbr"]
View AcoraidaMonicaGame.sol
pragma solidity =0.4.25;
contract AcoraidaMonicaGame{
uint256 public version = 4;
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
address questioner;
string public question;
LiveOverflow / docker-compose.yml
Last active May 20, 2019
flaglab - Real World CTF 2018
web:
image: 'gitlab/gitlab-ce:11.4.7-ce.0'
restart: always
hostname: 'gitlab.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.example.com'
redis['bind']='127.0.0.1'
redis['port']=6379
gitlab_rails['initial_root_password']=File.read('/steg0_initial_root_password')
LiveOverflow / googlectf2018_js_safe_2.py
Last active Sep 26, 2019
GoogleCTF2018 - JS Safe 2
import random
import re
# python3
# STAGE 1
"""
stage1 = 'Ӈ#7ùª9¨M¤ŸÀ.áÔ¥6¦¨¹.ÿÓÂ.։£JºÓ¹WþʖmãÖÚG¤…¢dÈ9&òªћ#³­1᧨'
out = ""
key = "\x82\x1e\x0a\x9a"
LiveOverflow / software_update.sage
Created Mar 16, 2018
34C3 CTF software_update (crypto)
import sage.all
import hashlib
# part1 - https://www.youtube.com/watch?v=Vgdhlh6evjI
# part2 - https://www.youtube.com/watch?v=EOlddNofKxo
# prepare a table of bits
def bits_of(x):
bits = []
for c in "{:08b}".format(x):
LiveOverflow / fsec_solve.py
Created Oct 4, 2017
Fsec2017 z3 solution
from z3 import *
import struct
# calculate e,f,d for a given input password
def calc(m):
e = 0
f = 0
d = 0
for i in xrange(0, len(m)):
c = ord(m[i])