Skip to content

Instantly share code, notes, and snippets.

View betrisey's full-sized avatar

Samuel Bétrisey betrisey

45 followers · 69 following
View GitHub Profile
@0xKira
0xKira / README.md
Created September 27, 2021 02:56
Solution for 0CTF/TCTF 2021 Final binlog

The challenge uses the Django framework to host a website, and a binary service written in C++ provides data access.

The web service only has one potential vulnerability. It uses Django-redis to store session data. This library uses pickle to serialize data. This is vulnerable if an attacker is able to control both the cache key and data.

Luckily the provided binary service can do them all. You are able to write a blog(cache content) controllable. So the only problem is about the cache key. One obvious difference between the binary and the common ones is, it's compiled with AddressSanitizer to detect memory corruption bugs. And we can check the binary service output from the web interface, even its stderr!

The idea is to retrieve sensitive data from ASAN's bug report. I leave an easy-

@davidfowl
davidfowl / MinimalAPIs.md
Last active April 10, 2024 04:24
Minimal APIs at a glance
@tothi
tothi / usbgadget_razer.sh
Created August 22, 2021 09:52
Razer USB gadget on Android for Local Privilege Escalation on Windows
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#
# the script was developed & tested on Android LineageOS 18.1
@Adikso
Adikso / babyrop.py
Created February 8, 2021 00:15
from pwn import *
r = remote('dicec.tf', 31924)
elf = ELF('babyrop')
rop = ROP(elf)
libc = ELF('/lib/x86_64-linux-gnu/libc.so.6')
libc_write = libc.symbols['write']
@noopkat
noopkat / workstation.md
Last active January 7, 2023 03:18

⚠️ this is now stupidly out of date

Computers

  • 13" Macbook Pro 3.3 GHz i7 (late 2016)
  • Microsoft Surface Book (2016)

Peripherals

@indrora
indrora / 00readme.md
Last active November 12, 2021 07:24
DeadUpdate: Kickin' it bigtime.

... my first disclosure. Man, it feels weird doing this.

update 6/6/16 I would like to stress something: I'm not saying "Don't buy an ASUS device" -- I see a lot of people who want to lambaste ASUS for this and boycott their hardware. This isn't what I want people to be doing by any stretch. Stupidly, I like the ASUS hardware I have (it's nice for the price) and I would rather see a pressure on ASUS as an OEM to stop shipping "value added software" to consumers; If you want to help Microsoft in pushing this mentality, go buy a signature machine from them. Microsoft provides support, but also only ships windows and a few select utilities that are essential to the functioning of the system (think: Radeon/Optimus and nVidia control panels) and fall heavily on the hardware makers (ATI, nVidia, Intel) to provide support for the harware.

Consider an ASUS device all you want. Start putting pressure on Microsoft that consumers want bloat-free devices and start voting with your money. Microsoft's store

@alirobe
alirobe / reclaimWindows10.ps1
Last active April 23, 2024 06:15
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
###
@danverbraganza
danverbraganza / hangman.py
Last active April 20, 2017 18:52
Hangman implemented in 3 lines of Python! For an explanation of how this works, see http://danverbraganza.com/writings/hangman-in-3-lines-of-python
license, chosen_word, guesses, scaffold, man, guesses_left = 'https://opensource.org/licenses/MIT', ''.join(filter(str.isalpha, __import__('random').choice(open('/usr/share/dict/words').readlines()).upper())), set(), '|======\n| |\n| {3} {0} {5}\n| {2}{1}{4}\n| {6} {7}\n| {8} {9}\n|', list('OT-\\-//\\||'), 10
while not all(letter in guesses for letter in chosen_word) and guesses_left: _, guesses_left = map(guesses.add, filter(str.isalpha, raw_input('%s(%s guesses left)\n%s\n%s:' % (','.join(sorted(guesses)), guesses_left, scaffold.format(*(man[:10-guesses_left] + [' '] * guesses_left)), ' '.join(letter if letter in guesses else '_' for letter in chosen_word))).upper())), max((10 - len(guesses - set(chosen_word))), 0)
print 'You', ['lose!\n' + scaffold.format(*man), 'win!'][bool(guesses_left)], '\nWord was', chosen_word
@dfletcher
dfletcher / tsws
Last active July 21, 2018 12:47
Totally simple web server using Bash and netcat (nc)
Moved to a proprer repositoy, TSWS is a real boy now!
https://github.com/dfletcher/tsws
PRs welcomed.
anonymous
anonymous / untrusted-lvl12-solution.js
Created April 19, 2015 18:53
Solution to level 12 in Untrusted: http://alex.nisnevich.com/untrusted/
/*
* robotNav.js
*
* The green key is located in a slightly more
* complicated room. You'll need to get the robot
* past these obstacles.
*/
function startLevel(map) {
// Hint: you can press R or 5 to "rest" and not move the