brant-ruan
/ specify_llvm_clang_ver.sh
Created
April 3, 2024 01:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [ "$(id -u)" -ne 0 ]; then | |
| echo "This script must be run as root. Please use 'sudo' to run it." | |
| exit 1 | |
| fi | |
| if [ $# -eq 0 ]; then | |
| echo "Usage: $0 <version>" | |
| exit 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) | |
| { | |
| struct group_info *rqgi; | |
| struct group_info *gi; | |
| struct cred *new; | |
| int i, j; | |
| int flags = nfsexp_flags(rqstp, exp); | |
| validate_process_creds(); |
brant-ruan
/ tfb_cgi_decode.c
Last active
October 29, 2023 06:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* CGI decoding as C program */ | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <stdio.h> | |
| int hex_values[256]; | |
| void init_hex_values() { |
brant-ruan
/ tfb_coverage_class.py
Last active
October 29, 2023 06:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Location = Tuple[str, int] | |
| class Coverage: | |
| """Track coverage within a `with` block. Use as | |
| ``` | |
| with Coverage() as cov: | |
| function_to_be_traced() | |
| c = cov.coverage() | |
| ``` | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def cgi_decode(s: str) -> str: | |
| """Decode the CGI-encoded string `s`: | |
| * replace '+' by ' ' | |
| * replace "%xx" by the character with hex number xx. | |
| Return the decoded string. Raise `ValueError` for invalid inputs.""" | |
| # Mapping of hex digits to their integer values | |
| hex_values = { | |
| '0': 0, '1': 1, '2': 2, '3': 3, '4': 4, | |
| '5': 5, '6': 6, '7': 7, '8': 8, '9': 9, |
brant-ruan
/ exploit_bypass_kaslr_smap_smep_ret2dir.c
Created
February 4, 2023 07:58
ret2dir | Pawnyable LK01-2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <fcntl.h> | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <sys/ioctl.h> | |
| #include <sys/stat.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> | |
| #include <sys/mman.h> |
brant-ruan
/ rds_amd64_ret2dir.c
Created
February 3, 2023 15:50
ret2dir | CVE-2010-3904 | by Dan Rosenberg and Vasileios P. Kemerlis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Linux Kernel <= 2.6.36-rc8 RDS privilege escalation exploit | |
| * CVE-2010-3904 | |
| * by Dan Rosenberg <drosenberg@vsecurity.com> | |
| * | |
| * Copyright 2010 Virtual Security Research, LLC | |
| * | |
| * The handling functions for sending and receiving RDS messages | |
| * use unchecked __copy_*_user_inatomic functions without any | |
| * access checks on user-provided pointers. As a result, by |
brant-ruan
/ perf-events_amd64_ret2usr.c
Created
February 3, 2023 15:20
ret2usr | CVE-2013-2094 | by sorbo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * CVE-2013-2094 exploit x86_64 Linux < 3.8.9 | |
| * by sorbo (sorbo@darkircop.org) June 2013 | |
| * | |
| * Based on sd's exploit. Supports more targets. | |
| * | |
| */ | |
| #define _GNU_SOURCE | |
| #include <string.h> |
brant-ruan
/ perf-events_amd64_ret2dir.c
Last active
February 3, 2023 15:16
ret2dir | CVE-2013-2094 | by Vasileios P. Kemerlis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Linux kernel exploit (privilege escalation) | |
| * CVE-2013-2094 (PERF_EVENTS) | |
| * Vasileios P. Kemerlis <vpk@cs.columbia.edu> | |
| * | |
| * Based on the exploits of `sd', `sorbo', and `spender'; | |
| * uses the `ret2dir' technique for bypassing: | |
| * - SMEP+SMAP (Intel) | |
| * - KERNEXEC/UDEREF (PaX) | |
| * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "bpf_insn.h" | |
| #include <linux/bpf.h> | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <sys/syscall.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> |
NewerOlder