#!/usr/bin/env python2
# encoding: utf-8
import sys
import os
import codecs
import errno
WGH- / decompile.py
Last active January 3, 2016 18:39
A wrapper script for conveniently inspecting the assembly or LLVM IR generated from a given C/C++ source file. Example usage: ./decompile.py clang -emit-llvm -O2 test.cpp | less
#!/usr/bin/env python3
import os
import sys
import subprocess
import tempfile
import contextlib
@contextlib.contextmanager
WGH- / fix.py
Last active January 14, 2016 01:48
Useful TLMC scripts
#!/usr/bin/env python3
# encoding: utf-8
import sys
import os
import codecs
import errno
WGH- / README.md
Last active April 4, 2017 18:54
2manypkts writeup (Nuit du Hack CTF Quals 2017)

The task is a remote x86_64 binary (both binary and libc were provided), and is marked with "pwn" and "network". So the goal is to exploit some vulnerability to obtain a shell.

There are actually two parts to the task, named 2manypkts-v1 and 2manypkts-v2 respectively.

The binary has a fairly trivial stack buffer overflow vulnerability. In the first part, you can simply overflow the buffer up to (and beyond) main's return address and employ the well-known ROP technique. The second part is harder: main never returns, but the overflow can also overwrite other variables, including several pointers to heap-allocated data, which makes it possible to call realloc with arbitrary arguments.

Keybase proof

I hereby claim:

  • I am WGH- on github.
  • I am wgh (https://keybase.io/wgh) on keybase.
  • I have a public key whose fingerprint is 25DA BF19 C1BF 93A6 261C C136 B737 44F0 6687 E863

To claim this, I am signing this object:

WGH- / self_exploit.py
Created October 12, 2015 13:17
Self-exploiting exploit
#!/usr/bin/python2
import sys
from pwn import *
def find_libc_path_and_offset():
    with open("/proc/self/maps") as f:
        for line in f:
            line = line.strip()
#!/usr/bin/env python3
import sys
import pprint
import re
import subprocess
def get_mapping():
    p = subprocess.Popen(["xmodmap", "-pke"], stdout=subprocess.PIPE)
package main
import (
"bufio"
"log"
"os"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
package main
import (
"bufio"
"log"
"os"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
package main
import (
"bufio"
"io/ioutil"
"log"
"os"
"time"
"github.com/google/gopacket"