Skip to content

Instantly share code, notes, and snippets.

NOP Sledding

Jameel Haffejee RC1140

NOP Sledding
View GitHub Profile
View eBPFOverwrite
sudo bpftrace -e 'k:__x64_sys_getuid /comm == "id"/ { override(99); }' --unsafe -c /usr/bin/id
RC1140 / cascade.asm
Created Mar 17, 2013
Source code for the cascade virus
View cascade.asm
PAGE 62,132
SUBTTL Layout (C) 1990 164A12565AA18213165556D3125C4B962712
RC1140 / gist:3299197
Created Aug 8, 2012
Arduino LCD Scrolling
View gist:3299197
#include <LiquidCrystal.h>
#include <string.h>
// initialize the library with the numbers of the interface pins
LiquidCrystal lcd(7, 8, 9, 10, 11, 12);
char message[] = "This is some long message that will end up scrolling";
int previous = 0;
int pos = 0;
View arborDemoStep1.html
<script language="javascript" type="text/javascript" src=""></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/lib/arbor.js" ></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/demos/_/graphics.js" ></script>
<script language="javascript" type="text/javascript" src="http://localhost/arbor/demos/halfviz/src/renderer.js" ></script>
<canvas id="viewport" width="800" height="600"></canvas>
<script language="javascript" type="text/javascript">
RC1140 /
Created Dec 5, 2013
Converts a memory address to little endian , useful for exploits and such , also prints the format used in an exploit.
import sys
if len(sys.argv) == 1:
memAddress = sys.argv[1]#'bffffe65'#
start = len(memAddress)
outAddress = ''
hexAddress = ''
for i in range(len(memAddress),0,-2):
start -= 2
View task1.2.asm
_f proc near
var_10 = dword ptr -10h
var_9 = byte ptr -9
input = dword ptr 8
push ebp
mov ebp, esp
sub esp, 18h
jmp short loc_8048410
add [ebp+input], 4
View compare.c
char toupper ( char c )
if( c >= ’a’ && c <= ’z’ ) {
c = c - ’a’ + ’A’;
return( c );
View task1.1.asm
_f proc near
input = dword ptr 8
push ebp ;Stack winding , remember where we came from.
mov ebp, esp ;Stack winding , update the current stack locations.
movzx eax, byte ptr [ebp+input] ; Move the byte value @ the address [ebp + input] and extend it if needed into the eax register
; eax now contains the the first 8 bytes of the stack for the current function which is your first parameter passed to the function
lea edx, [eax-61h] ; This subtracts 61h from eax (the parameter passed in ) and sets edx to the result.
; Assuming we passed in the letter 'a' , this would result in 61h - 61h == 0 in edx
cmp dl, 19h ; Compare the lower register of edx to 19h , if the value is less than 19h then we
; we know we are dealing with lower case letters. Otherwise this is an upper case letter or some other char which means we can ignore it.
RC1140 /
Created Feb 21, 2013
Small little extension for ttytter that allows you to highlight the names of certain users. I also changed the way tweets are displayed to suit my liking. To use it run ttytter
use Term::ANSIColor;
#Open a text file with a list of users to highlight
open our $handle, '<', "/home/<your username>/tweetersToHighlight.txt";
chomp(our = <$handle>);
#Convert array to hash/dictionary
our %users = map { $_ => 1 };
close $handle;
#Setup ttytter hook
$handle = sub {
RC1140 / hola.diff
Created Jan 30, 2013
Hola patch to remove remote calls and lower permissions requirements.
View hola.diff
diff --cc manifest.json
index 984792c,06d9aad..0000000
--- a/manifest.json
+++ b/manifest.json
@@@ -5,9 -5,7 +5,13 @@@
++<<<<<<< HEAD
+ "<all_urls>",
You can’t perform that action at this time.