
👨‍💻
corrupting memory

Quentin Kaiser QKaiser

@QKaiser
QKaiser / CVE_2019_1663_RV110.py
Last active May 23, 2019
PoC for CVE-2019-1663 on R110(W)
#!/usr/bin/env python
"""
Exploit for Cisco RV110 stack buffer overflow (CVE-2019-1663).
---------------------------------------------------------------
It simply executes a ret2libc, calling system() with whatever's on the stack
as argument. Offsets are for QEMU target.
First MIPS-based exploit, might delete later.
"""
import requests
@QKaiser
QKaiser / CVE_2019_1663_RV130.py
Last active Mar 22, 2019
PoC for Cisco RV130 stack-based buffer overflow (CVE-2019-1663).
#!/usr/bin/env python
"""
Exploit for Cisco RV130 stack-based buffer overflow (CVE-2019-1663).
This piece of code will get you proper 'return to zero protection', that is
an executable stack (thanks, mprotect) and $pc pointing to the beginning of
the stack.
Enjoy your shells responsibly :)
"""
@QKaiser
QKaiser / mmc_dump.py
Created Sep 10, 2018
Dump MMC memory from Airmedia AM-100 or similar devices.
#!/usr/bin/env python
"""
Dump MMC memory from Airmedia AM-100 or similar devices.
# Dumping process steps
* drop to u-boot shell
* sanity check with printenv
* load 512 bytes memory chunk from MMC to RAM at known safe address with "mmcread"
* display 512 bytes of memory from RAM at known safe address with "md.b"
@QKaiser
QKaiser / noderedsh.py
Last active Apr 30, 2019
Node RED Remote Command Execution.
#!/usr/bin/env python3
"""
----------------------------------------------------------------------------
"THE BEER-WARE LICENSE" (Revision 42):
QKaiser wrote this file. As long as you retain this notice you
can do whatever you want with this stuff. If we meet some day, and you think
this stuff is worth it, you can buy me a beer in return.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Node-RED Remote Command Execution exploit.
@QKaiser
QKaiser / setup.sh
Created Jan 31, 2018
Eclipse Equinoxe OSGi Console - Standalone setup script
#!/bin/bash
SDK_SHA512="02c6e8abbfa05072fbc139bc6c1d88245338631e7fa2776cbb2097ff1989fc6af595049a1bf7223dc0d39aa2bb1f31394cbadbcec45aa343d133f9f360675f99"
SDK_DOWNLOAD_LINK="https://www.eclipse.org/downloads/download.php?file=/equinox/drops/R-Oxygen.2-201711300510/equinox-SDK-Oxygen.2.zip&r=1"
SDK_FILENAME="equinox-SDK-Oxygen.2.zip"
echo "[+] Downloading SDK ..."
wget -q $SDK_DOWNLOAD_LINK -O $SDK_FILENAME
echo "[+] Checking checksums ..."
echo "$SDK_SHA512 $SDK_FILENAME" | sha512sum -c -
View SA_CORE_2016_004.sh
#!/bin/bash
#
# PoC for SA-CORE-2016-004
# Full config export can be downloaded without administrative permissions
#
# The idea is to grep for sensitive information within the exported
# config files. Feel free to add your own findings :)
#
###############################################################################