Skip to content

Instantly share code, notes, and snippets.

Avatar

Ben Holland benjholla

View GitHub Profile
@calebstewart
calebstewart / ghidra-9.0.desktop
Created Mar 9, 2019
Desktop File for Ghidra 9.0
View ghidra-9.0.desktop
[Desktop Entry]
Categories=Application;Development;
Comment[en_US]=Ghidra Software Reverse Engineering Suite
Comment=Ghidra Software Reverse Engineering Suite
Exec=/opt/ghidra/ghidraRun
GenericName[en_US]=Ghidra Software Reverse Engineering Suite
GenericName=Ghidra Software Reverse Engineering Suite
Icon=/opt/ghidra/support/ghidra.ico
MimeType=
Name[en_US]=Ghidra 9.0
View bflisp.md

A C compiler for Brainfuck

I want to share my friend's crazy project because it demonstrates how a simple Turing-machine-like programming language is actually equivalent to usual real-world computers.

I think we all know the theory that all Turing complete programming languages are equivalent in terms of their powers. If languages A and B are Turing complete, A can emulate B and vice versa. But that's not obvious at all. How can a simple programming model like Turing Machine can run "real" programs such as ones that run on a general-purpose PC? If it is possible in theory, it can be demonstrated.

View GoldbachConjecture.java
public class GoldbachConjecture {
public static void Goldbach(int x) {
if (x % 2 != 0) {
System.out.println("Not Even");
return;
}
if (x <= 2) {
System.out.println("Less than 2");
return;
@roachhd
roachhd / README.md
Last active Nov 26, 2020
Basics of BrainFuck
View README.md

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

BrainFuck Programming Tutorial by: Katie

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

INTRODUCTION

@dpryden
dpryden / ClassLoaderLeakExample.java
Created Oct 20, 2014
Example of a ClassLoader leak in Java
View ClassLoaderLeakExample.java
import java.io.IOException;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.Path;
/**
* Example demonstrating a ClassLoader leak.
*
* <p>To see it in action, copy this file to a temp directory somewhere,
View heartbleed-altered.py
#!/usr/bin/python
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (mike.philip.davis@gmail.com)
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import select
@takeshixx
takeshixx / hb-test.py
Last active Nov 2, 2020
OpenSSL heartbeat PoC with STARTTLS support.
View hb-test.py
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@dergachev
dergachev / setuid-root-backdoor.md
Last active Oct 3, 2020
How to use setuid to install a root backdoor.
View setuid-root-backdoor.md

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

View Exploit.java
/*
Java 0day 1.7.0_10 decrypted source
Originaly placed on https://damagelab.org/index.php?showtopic=23719&st=0
From Russia with love.
*/
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.security.AccessController;
@maxcountryman
maxcountryman / bf.c
Created Jan 29, 2012
A simple brainfuck interpreter in C
View bf.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
// initialize the tape with 30,000 zeroes
unsigned char tape[30000] = {0};
// set the pointer to point at the left-most cell of the tape
unsigned char* ptr = tape;
You can’t perform that action at this time.