Subject: Being a glutton is an awful sin, learn how you can stop living a sinful life and lose excessive weight
From: ziggydog@xplornet.com
Date: Jul 15 02:25AM +0200
Our Lord and Savior wants you to stop being obese.
The Bible says that gluttony is an awful sin.
The craving of food can quickly become an idol in our lives.
Anything that takes the place of Lord is a sin against Him (Proverbs 23:2).
ancat
/ hook_processes_and_threads.c
Last active
March 2, 2020 03:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Question: how hook into the creation of new processes /and/ threads? | |
| Attempt #1: Attach a kprobe to the `execve` syscall | |
| - This works, but will not catch threads created via clone. | |
| Attempt #2: Add an additional kretprobe to the `clone` syscall | |
| - On success, clone returns the newly created thread id. This works fine | |
| until you start dealing with pid namespaces. If clone is called from a | |
| different pid namespace, the return value will only be valid for that |
ancat
/ get_memory_strings.py
Last active
October 17, 2021 22:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes, sys, os, string | |
| try: | |
| pid = int(sys.argv[1]) | |
| except IndexError: | |
| print >> sys.stderr, "{} <process_id>".format(sys.argv[0]) | |
| sys.exit(1) | |
| libc = ctypes.CDLL('/lib/x86_64-linux-gnu/libc.so.6') | |
| libc.process_vm_readv.argtypes = [ctypes.c_uint64, ctypes.c_void_p, ctypes.c_uint64, ctypes.c_void_p, ctypes.c_uint64, ctypes.c_uint64] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP PUBLIC KEY BLOCK----- | |
| Version: GnuPG v1 | |
| mQINBFXrqMIBEADs7PR4iqATlwguGqGLTbUmeUWtjfnyf+ZrEh6P9Xi2MP23qJh4 | |
| XHaAOlB0nzgOIvqPGNBa6OU6aUq/timRZY0XRKFGj3pExiq/efkMP5a2QvPTfaPa | |
| L1k0yH4VNzerALIXvrYxVkQmEKeTV1WSp7bOfSGajcvINitLXBaFoVJAoqbmoDTn | |
| vcRIffQOJ7/Kccn0vbrTqqZykYfG68APPjGW08KdbQGAgrSMRMS0gNnbZKQ0PhOf | |
| EoGXXNa9AvKMo15U01v9aC+kZJ+0VmcswIknF+2IugLChuhz5FYxJ9m2t8OJBF1P | |
| RobI86Zgexq83cNSDhSR+I53+VW0uJPHRQhp+AB2l6aspKq+V92QZZ3mcI1NR95J | |
| epFx0DeMbajA3oeKH/9+77kqeS/am+veZZgm4qKe6ziM4xfxsN9090RHq+32NGUt |
Install brew and pip (sudo easy_install pip)
brew update
brew install homebrew/science/openblas
Wibbly wobbly timey wimey, or "wwtw" was a two point pwnable from Defcon quals this year. I worked on this challenge with my teammate, @MarvelousBreadchris. Running it right away shows us a little game screen:
You(^V<>) must find your way to the TARDIS(T) by
avoiding the angels(A).
Go through the exits(E) to get to the next room
ancat
/ exploit250.py
Last active
August 29, 2015 14:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| lei = lambda x: struct.pack('I', x); | |
| stack_chk = 0x0804B01C # location of stack_chk in the got | |
| ret = 0x08048D89 # stack pivot (sub esp, 0x1c; pop; pop; pop; pop; ret;) | |
| live = True | |
| if live: |
ancat
/ Kendall.md
Last active
August 29, 2015 14:16
Kendall was a 300 point "red" challenge - an exploitable. This was a pretty involved challenge but it was simple once you realized what you had to do. Launching the binary would start a forking server for some DHCP Management Console.
Playing around with the console, it's clear that authenticating is going to be integral to solving the challenge. The authenticate function opens a password.txt file and compares it with your input. You would probably be able to use the strcmp as a timing oracle to brute force the password, but that's kind of lame.
While reversing, we noticed the same strange function being used to read user input being used everywhere. Strange, mostly because it only accepted a size parameter. It didn't accept a destination buffer nor did it allocate space for one - it just used the same statically sized 128 byte long buffer in the .bss segment.
ancat
/ gist:0d4b7f8740ae6faa6cc3
Created
June 16, 2014 22:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| set $root = 0x804c36c | |
| # first element | |
| break *0x08049030 | |
| commands | |
| silent | |
| printf "allocated first_node->name @ 0x%x\n", $eax | |
| continue | |
| end | |
| break *0x0804903D |
ancat
/ gist:11164195
Created
April 22, 2014 03:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ?<html xmlns="http://www.w3.org/1999/xhtml"> | |
| <head> | |
| <title>http://24.media.tumblr.com</title> | |
NewerOlder