'use strict';

// Walk every export of libssl.so and attach an Interceptor hook to each one
// that is a function export (data exports are skipped). createHook(name, address)
// is defined elsewhere in this script; presumably it returns the
// { onEnter, onLeave } callbacks Interceptor.attach expects — confirm there.
Module.enumerateExports('libssl.so', {
  onMatch(exp) {
    const isFunctionExport = exp.type === 'function';
    if (!isFunctionExport) {
      return;
    }
    Interceptor.attach(exp.address, createHook(exp.name, exp.address));
  },
  onComplete() {
    // Nothing to do once enumeration has finished.
  },
});
import angr | |
import analysis | |
class MemoryWrite(analysis.Analysis): | |
def __init__(self, option):
    """Construct the analysis and immediately run the memory-write check.

    Args:
        option: forwarded unchanged to ``analysis.Analysis.__init__``.
    """
    # Let the base Analysis class finish its setup first; the check below is
    # run only after that, in case it relies on state the base initializer creates.
    base = super(MemoryWrite, self)
    base.__init__(option)
    self.mem_write_check()
def mem_write_check(self): | |
print("[+] Initializing memory write analysis") |
/* | |
* author Huber Flores | |
*/ | |
#Wrapping a java class into dex. | |
#Remember to add the "dex" command to your .bashrc file so that you can call it from any directory
#dex is a utility that comes with the Android SDK, and it's located in .../android-linux-x86_64/sdk/platform-tools/
#export PATH=$PATH:/home/ubuntu/android-sdk-linux/platform-tools:/home/ubuntu/CyanogenModBuild/environment/bin |
# v2 pbzx stream handler | |
# My personal writeup on the differences here: https://gist.github.com/pudquick/29fcfe09c326a9b96cf5 | |
# | |
# Pure python reimplementation of .cpio.xz content extraction from pbzx file payload originally here: | |
# http://www.tonymacx86.com/general-help/135458-pbzx-stream-parser.html | |
# | |
# Cleaned up C version (as the basis for my code) here, thanks to Pepijn Bruienne / @bruienne | |
# https://gist.github.com/bruienne/029494bbcfb358098b41 | |
import struct, sys |
#!/usr/bin/env python | |
import os | |
import subprocess | |
# We want to reach back to a commit where the following file is identical in the tarball.
FILENAME="page_alloc.c"
# We created this file with: git log | grep '^commit' | awk '{ print $2}' > /tmp/commit-list.txt
# NOTE(review): the handle opened here is consumed (and closed, if at all) further down the
# script, outside this excerpt; a `with open(...) as commit_file:` block would guarantee release.
commit_file = open("/tmp/commit-list.txt", "r")
from pwn import * | |
#Setup context | |
context(arch='i386', os='linux') | |
context.log_level = 'debug' | |
#Open connection to the process | |
#Remote | |
sock = remote(<host>, <port>) |
from pwn import * | |
#Setup context | |
context(arch='i386', os='linux') | |
context.log_level = 'debug' | |
#Open connection to the process | |
#Remote | |
sock = remote(<host>, <port>) |
// Base URL the script starts from; presumably the first page PhantomJS opens — confirm against the rest of the script.
var targetAddress = 'http://www.autohotkey.com/board/';
// Running counter; starts at zero here and is presumably incremented further down the script (not visible in this excerpt).
var fileCount = 0;
phantom.onError = function(msg, trace) { | |
var msgStack = ['PHANTOM ERROR: ' + msg]; | |
if (trace && trace.length) { | |
msgStack.push('TRACE:'); | |
trace.forEach(function(t) { | |
msgStack.push(' -> ' + (t.file || t.sourceURL) + ': ' + t.line + (t.function ? ' (in function ' + t.function +')' : '')); | |
}); |
#!/usr/bin/python | |
import socket, ssl, select, time, re | |
from thread import start_new_thread | |
from struct import pack | |
# Field type tags used by the encoder/decoder below.
# NOTE(review): the values match protobuf wire-type numbering (0 = varint,
# 2 = length-delimited), which would explain why bytes and strings share a tag — confirm against the parser.
TYPE_ENUM = 0
TYPE_STRING = 2
TYPE_BYTES = TYPE_STRING
def clean(s): |
/* | |
* (un)comment correct payload first (x86 or x64)! | |
* | |
* $ gcc cowroot.c -o cowroot -pthread | |
* $ ./cowroot | |
* DirtyCow root privilege escalation | |
* Backing up /usr/bin/passwd.. to /tmp/bak | |
* Size of binary: 57048 | |
* Racing, this may take a while.. | |
* /usr/bin/passwd overwritten |