Skip to content

Instantly share code, notes, and snippets.

View blackbeard666's full-sized avatar
💻
Diving deep into exploit development

Carlo Jae Avila blackbeard666

💻
Diving deep into exploit development
12 followers · 8 following
View GitHub Profile
@blackbeard666
blackbeard666 / pwn_babybof.py
Created May 24, 2021 04:53
DRAGON CTF PWN SCRIPTS (too lazy to do writeups)
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./baby_bof', checksec = False)
libc = ELF('./libc-2.31.so', checksec = False)
#p = process('./baby_bof')
#p = process('./baby_bof', env = {'LD_PRELOAD' : libc.path})
p = remote("dctf-chall-baby-bof.westeurope.azurecontainer.io", 7481)
@blackbeard666
blackbeard666 / pwn_lasso.py
Created May 10, 2021 04:27
SAN DIEGO CTF 2021
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./uniqueLasso', checksec = False)
#libc = ELF('./libc.so.6', checksec = False)
#p = process('./uniqueLasso')
#p = process('./uniqueLasso', env = {'LD_PRELOAD' : libc.path})
p = remote("lasso.sdc.tf", 1337)
@blackbeard666
blackbeard666 / pwn_cachetroubles.py
Created April 14, 2021 14:26
PRAGYAN CTF 2021
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./cachetroubles', checksec = False)
libc = ELF('./libc-2.31.so', checksec = False)
#p = process('./cachetroubles')
p = process('./cachetroubles', env = {'LD_PRELOAD' : libc.path})
#p = remote("IP", PORT)
@blackbeard666
blackbeard666 / pwn_deathnote.py
Created April 12, 2021 12:50
FOOBAR CTF 2021 PWN SCRIPTS
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./deathnote', checksec = False)
libc = ELF('./libc.so', checksec = False)
#libc = ELF('./libc-2.23.so', checksec = False)
p = process('./deathnote', env = {'LD_PRELOAD' : libc.path})
p.recvuntil(b'> ')
@blackbeard666
blackbeard666 / pwn_raiidshadowlegends.py
Last active April 8, 2021 14:12
ANGSTROM 21 PWN SCRIPTS (solved the four easy ones, saving the other challs I worked on but were solved by the other pwn guys from ARESx here)
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./raiid_shadow_legends', checksec = False)
#libc = ELF('./libc.so.6', checksec = False)
#p = process('./raiid_shadow_legends')
#p = process('./raiid_shadow_legends', env = {'LD_PRELOAD' : libc.path})
p = remote("shell.actf.co", 21300)
@blackbeard666
blackbeard666 / pwn_birdie.py
Last active April 5, 2021 00:59
SHAKTI CTF 2021 PWN SCRIPTS (just the ones I wanted to solve)
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./birdie', checksec = False)
#libc = ELF('./libc.so.6', checksec = False)
#p = process('./birdie')
#p = process('./birdie', env = {'LD_PRELOAD' : libc.path})
p = remote("34.121.211.139", 1111)
print(p.recvuntil(b'name\n'))
@blackbeard666
blackbeard666 / crypto_dashchund.py
Last active March 31, 2021 00:09
PICO CTF 2021 SOLVE SCRIPTS (easy-medium; hard tba later)
'''
Created on Dec 14, 2011
@author: pablocelayes
'''
import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator
def hack_RSA(e,n):
'''
@blackbeard666
blackbeard666 / pwn_pennywise.py
Created March 29, 2021 11:50
VOLGACTF_QUALS
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./pennywise', checksec = False)
libc = ELF('./libc.so.6', checksec = False)
#p = process('./pennywise', env = {'LD_PRELOAD' : libc.path})
p = remote("139.162.160.184", 19999)
print(p.recvuntil(b'[Q]uit\n'))
@blackbeard666
blackbeard666 / pwn_deathnote.py
Created March 27, 2021 12:57
SECURINETS QUALS SOLVE SCRIPTS
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./death_note', checksec = False)
libc = ELF('./libc.so.6', checksec = False)
p = process('./death_note', env = {'LD_PRELOAD' : libc.path})
print(p.recvuntil('Exit\n'))
#: GDB SETTINGS
@blackbeard666
blackbeard666 / meddle_pwn.py
Last active March 25, 2021 13:38
NAHAMCON CTF SOLVE SCRIPTS
from pwn import *
#: CONNECT TO CHALLENGE SERVERS
binary = ELF('./meddle', checksec = False)
libc = ELF('./libc-2.27.so', checksec = False)
#p = process('./meddle', env = {'LD_PRELOAD' : libc.path})
p = remote("challenge.nahamcon.com", 32057)
print(p.recvuntil(b'> '))