#include <sys/mman.h> | |
#include <sys/stat.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <unistd.h> | |
#include <stdint.h> | |
#include <stdint.h> | |
/* Short fixed-width alias used by the code below (uint8_t comes from <stdint.h>). */
typedef uint8_t u8;
#!/usr/bin/env python3 | |
''' | |
Copyright (c) 2020, Andrea Fioraldi | |
Redistribution and use in source and binary forms, with or without | |
modification, are permitted provided that the following conditions are met: | |
1. Redistributions of source code must retain the above copyright notice, this | |
list of conditions and the following disclaimer. |
#!/usr/bin/env python | |
import time | |
import os | |
import requests | |
from scapy.all import * | |
# Fallback gateway MAC used when none is supplied. NOTE(review): judging by the
# name this is meant to be a deliberately bogus address (e.g. to black-hole
# traffic) rather than a real gateway — confirm against the callers before
# reusing it elsewhere.
DEFAULT_BAD_GATEWAY = '12:34:56:78:9A:BC'
class Device(object): |
from angr import sim_options as options | |
from angr.errors import SimUnsatError, SimMemoryError, SimMemoryLimitError, SimMemoryAddressError, SimMergeError | |
from angr.storage.memory import SimMemory, DUMMY_SYMBOLIC_READ_VALUE | |
import angr | |
import logging | |
# Module-level logger; handlers and verbosity are configured by the host
# application under the "concretor_angr" name.
l = logging.getLogger("concretor_angr")
''' | |
author: Andrea Fioraldi | |
team: TheRomanXpl0it | |
ctf: CSAW18 finals | |
''' | |
from pwn import * | |
#context.log_level = "debug" |
chr = {0: '\x00', 1: '\x01', 2: '\x02', 3: '\x03', 4: '\x04', 5: '\x05', 6: '\x06', 7: '\x07', 8: '\x08', 9: '\t', 10: '\n', 11: '\x0b', 12: '\x0c', 13: '\r', 14: '\x0e', 15: '\x0f', 16: '\x10', 17: '\x11', 18: '\x12', 19: '\x13', 20: '\x14', 21: '\x15', 22: '\x16', 23: '\x17', 24: '\x18', 25: '\x19', 26: '\x1a', 27: '\x1b', 28: '\x1c', 29: '\x1d', 30: '\x1e', 31: '\x1f', 32: ' ', 33: '!', 34: '"', 35: '#', 36: '$', 37: '%', 38: '&', 39: "'", 40: '(', 41: ')', 42: '*', 43: '+', 44: ',', 45: '-', 46: '.', 47: '/', 48: '0', 49: '1', 50: '2', 51: '3', 52: '4', 53: '5', 54: '6', 55: '7', 56: '8', 57: '9', 58: ':', 59: ';', 60: '<', 61: '=', 62: '>', 63: '?', 64: '@', 65: 'A', 66: 'B', 67: 'C', 68: 'D', 69: 'E', 70: 'F', 71: 'G', 72: 'H', 73: 'I', 74: 'J', 75: 'K', 76: 'L', 77: 'M', 78: 'N', 79: 'O', 80: 'P', 81: 'Q', 82: 'R', 83: 'S', 84: 'T', 85: 'U', 86: 'V', 87: 'W', 88: 'X', 89: 'Y', 90: 'Z', 91: '[', 92: '\\', 93: ']', 94: '^', 95: '_', 96: '`', 97: 'a', 98: 'b', 99: 'c', 100: 'd', 101: 'e', 102: 'f', 103: ' |
//===- afl_driver.cpp - a glue between AFL and libFuzzer --------*- C++ -* ===// | |
// | |
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | |
// See https://llvm.org/LICENSE.txt for license information. | |
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | |
//===----------------------------------------------------------------------===// | |
/* This file allows to fuzz libFuzzer-style target functions | |
(LLVMFuzzerTestOneInput) with AFL using AFL's persistent (in-process) mode. |
// ----------------------------------------------------- | |
// Common definitions outside Ghidra | |
// ----------------------------------------------------- | |
/* Ghidra-style integer aliases so decompiler output compiles outside Ghidra.
   NOTE(review): `uint` and `ulong` are also defined by <sys/types.h> on glibc;
   a duplicate typedef is only legal from C11 on (or as a GNU extension), so
   including that header alongside this file may need a newer -std. */
typedef unsigned char byte;
typedef long long longlong;
typedef unsigned char uchar;
typedef unsigned int uint;
/* NOTE(review): `unsigned long` is 32-bit under LLP64 (Windows/MSVC) and 64-bit
   under LP64 (Linux/macOS). Ghidra's own `ulong` is 64-bit; if these aliases
   must match decompiled struct layouts on every host, `uint64_t` is the safer
   choice — confirm which data model the output targets. */
typedef unsigned long ulong;
var fuzz = require("./frida-fuzzer/fuzz");
fuzz.target_module = "libxml2.so.2";
/* Load libdislocator and hook the PLT of the target module. DO NOT hook the
   symbols in libc otherwise Frida itself will use the dislocator malloc
   and freeze your machine (probably there are memory leaks in the runtime) */
// Allocator entry points that are redirected to libdislocator in the target
// module's PLT (the hooking itself happens further down, outside this excerpt).
var subs = ["malloc", "calloc", "realloc", "free", "memalign", "posix_memalign"];
// NOTE(review): absolute, user-specific path. Module.load() throws if the
// library is not present at exactly this location on the device the agent
// runs in; adjust it (or make it configurable) before reusing the script.
var disloc = Module.load("/home/andrea/AFLplusplus/libdislocator.so");
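/* Stalker tuning for the fuzzing loop.
   trustThreshold = 0 makes Stalker trust a block of code the first time it is
   seen instead of re-instrumenting it on later executions. The very large
   queue capacity (in events) and drain interval (in ms — here 1000 s) keep
   coverage events buffered rather than delivered on a timer; presumably the
   harness drains them explicitly (Stalker.flush()) after each run — confirm. */
var STALKER_QUEUE_CAP = 100000000;
var STALKER_QUEUE_DRAIN_INT = 1000*1000;
Stalker.trustThreshold = 0;
Stalker.queueCapacity = STALKER_QUEUE_CAP;
Stalker.queueDrainInterval = STALKER_QUEUE_DRAIN_INT;
var TARGET_MODULE = "libnative-lib.so";
var TARGET_FUNCTION = Module.findExportByName(TARGET_MODULE, "target_func");
// Module.findExportByName returns null when the module or export is missing;
// fail here with a clear message rather than letting a later Interceptor /
// Stalker call dereference a null NativePointer.
if (TARGET_FUNCTION === null) {
  throw new Error("export target_func not found in " + TARGET_MODULE);
}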