Keybase proof
I hereby claim:
- I am bkth on github.
- I am bkth (https://keybase.io/bkth) on keybase.
- I have a public key ASBZHtze7NMvZErOr3XCmUGi5x41XbrfafPY4bJ7fVsfgAo
To claim this, I am signing this object:
Bruno Keith bkth
bkth
/ chakragraph.py
Last active
August 30, 2018 16:21
quick and dirty prototype to generate a cfg from chakra jit output
View chakragraph.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| class Node(object): | |
| def __init__(self, name): | |
| self.name = name | |
| self.stmts = [] | |
| self.successors = [] |
bkth
/ Insomnihack pwn arena
Last active
April 27, 2020 07:08
Write-ups for the game challenges at Insomni'hack 2018 CTF
View Insomnihack pwn arena
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| As was the case last year, this year's Insomni'hack featured a multi-player game and 3 challenges requiring us to | |
| hack the game in order to get the flags | |
| It was a Unity based game and was written in C#, the core of the game logic was in the Assembly-CSharp.dll and I used dnSpy | |
| (https://github.com/0xd4d/dnSpy) to decompile the DLL and understand the logic and modify the game. | |
| Nightcrawler: | |
| This challenge required us to activate 4 buttons within a 6 second window, the game used a master client architecture | |
| where activating a button would trigger an RPC call to the master client which would keep track of the challenges based |
bkth
/ objc-rpc.m
Created
March 20, 2018 15:11
remote procedure call example in obj-c for macOS services
View objc-rpc.m
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <Cocoa/Cocoa.h> | |
| @protocol NetStorageXPCObjectHandler | |
| - (void)lock; | |
| - (void)unlock; | |
| - (void)deleteAllResponses; | |
| - (void)dealloc; | |
| @end |
View doit.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/python2 | |
| import time | |
| import telnetlib | |
| import sys | |
| import binascii | |
| import struct | |
| import socket | |
| import random | |
| def randstr(length=10): |
View macosv9pwn.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // JIT the target function that we will overwrite with our shellcode, even though W ^ X was already in HEAD when I wrote the exploit | |
| // It was not enabled for the release version at the time | |
| function yolo(o) { | |
| var tmp = o ** 2 + o; | |
| tmp *= 17; | |
| tmp += o ** 37; | |
| return tmp; | |
| } | |
| yolo(3); | |
| yolo(4); |
View server.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import tempfile | |
| import os | |
| import string | |
| import random | |
| def randstr(): | |
| return ''.join(random.choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(10)) |
View sakura.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| f = open("source.c", "rb") | |
| lines = f.read().split("\n") | |
| input_byte = [] |
View keybase.md
View doit.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import subprocess | |
| def run_cmd(s): | |
| return subprocess.check_output(s.split()) | |
View sniper.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import telnetlib | |
| import sys | |
| import binascii | |
| import struct | |
| import socket | |
| def info(s): | |
| print "[*] %s" % s |
NewerOlder