bird birdg0

## solve.c
/*
gcc -m64 -nostdlib -Os -mrtm -fno-toplevel-reorder -static -Wno-multichar solve.c -o solve.elf
objcopy -Obinary -j .text solve.elf solve.bin
Reference https://github.com/Alberts-Coffee-Hours/Mastik/blob/master/src/l1.c,
https://github.com/vusec/ridl/blob/master/exploits/shadow/leak.c
and https://github.com/oranav/ctf-writeups/blob/master/gctf19/RIDL/solve.c
*/

#include <stdio.h>
#include <stdlib.h>

## ridl.py
#!/usr/bin/env python2
from pwn import *
import os

def split_by(data, cnt):
	return [data[i : i+cnt] for i in xrange(0, len(data), cnt)]

context.log_level = 'error'

BEGIN_MARKER = '%$['

## applepie.py
from zio import *

LOCAL = 0

while True:
    try:
        if LOCAL:
            io = zio('./applepie')
        else:
            io = zio(('111.186.63.147', 6666))

## vm_escape_0ctf2017_finals.c
// 0CTF 2017 finals
// vm_escape
// @Eadom
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/ioport.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/delay.h>

## qberts_engine.js
var a = new Array(0x80000200);
var b = new Array(100);

for (var i = 0; i < b.length; i++) {
    b[i] = new Uint8Array(0x1000+i);
    b[i][0] = 0x11;
    b[i][1] = 0x22;
    b[i][2] = 0x33;
    b[i][3] = 0x44;
}

## keen_of_glory2.py
from pwn import *

LOCAL = 1
DEBUG = 0
VERBOSE = 0

if VERBOSE:
    context.log_level = 'debug'
else:
    context.log_level = 'critical'

## heapstorm2.py
#!/usr/bin/env python
# encoding: utf-8

#flag{Seize it, control it, and exploit it. Welcome to the House of Storm.}

import itertools
from hashlib import sha256
from pwn import remote, process, ELF
from pwn import context
from pwn import p32,p64,u32,u64
	/*
	gcc -m64 -nostdlib -Os -mrtm -fno-toplevel-reorder -static -Wno-multichar solve.c -o solve.elf
	objcopy -Obinary -j .text solve.elf solve.bin
	Reference https://github.com/Alberts-Coffee-Hours/Mastik/blob/master/src/l1.c,
	https://github.com/vusec/ridl/blob/master/exploits/shadow/leak.c
	and https://github.com/oranav/ctf-writeups/blob/master/gctf19/RIDL/solve.c
	*/

	#include <stdio.h>
	#include <stdlib.h>
	#!/usr/bin/env python2
	from pwn import *
	import os

	def split_by(data, cnt):
	return [data[i : i+cnt] for i in xrange(0, len(data), cnt)]

	context.log_level = 'error'

	BEGIN_MARKER = '%$['
	from zio import *

	LOCAL = 0

	while True:
	try:
	if LOCAL:
	io = zio('./applepie')
	else:
	io = zio(('111.186.63.147', 6666))
	// 0CTF 2017 finals
	// vm_escape
	// @Eadom
	#include <linux/module.h>
	#include <linux/kernel.h>
	#include <linux/init.h>
	#include <linux/ioport.h>
	#include <linux/slab.h>
	#include <linux/string.h>
	#include <linux/delay.h>
	var a = new Array(0x80000200);
	var b = new Array(100);

	for (var i = 0; i < b.length; i++) {
	b[i] = new Uint8Array(0x1000+i);
	b[i][0] = 0x11;
	b[i][1] = 0x22;
	b[i][2] = 0x33;
	b[i][3] = 0x44;
	}
	from pwn import *

	LOCAL = 1
	DEBUG = 0
	VERBOSE = 0

	if VERBOSE:
	context.log_level = 'debug'
	else:
	context.log_level = 'critical'
	#!/usr/bin/env python
	# encoding: utf-8

	#flag{Seize it, control it, and exploit it. Welcome to the House of Storm.}

	import itertools
	from hashlib import sha256
	from pwn import remote, process, ELF
	from pwn import context
	from pwn import p32,p64,u32,u64