
cedric cedriczirtacic

cedriczirtacic / disclosure.log
Last active October 26, 2017 14:10
equifax xss
[1] 17/07/2017: Contacted Equifax via @AskEquifax.
[2] 22/07/2017: After no response, the issue was made public.
[3] XX/09/2017: Issue fixed after "Equihax" breach.
cedriczirtacic / arp_transport.pl
Created July 18, 2017 20:48
exfiltrate data via ARP requests
#!/usr/bin/perl -w
use strict;
use warnings;
use Net::ARP;
my $source = "10.0.2.15";
my $dev = "enp0s3";
WHILE: print "\$ ";
cedriczirtacic / get_original_hwaddr.c
Last active August 4, 2017 17:31
using ioctl(2) to get the original hwaddr of a network interface
// gcc -o get_orig_hwaddr get_orig_hwaddr.c
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
char *get_addr (int fd, struct ifreq *ifrq) {
cedriczirtacic / 64_or_32.S
Last active August 14, 2017 20:45
check if 64 or 32 bits using the CS segment selector (64-bit: 0x33, 32-bit: 0x23)
// To try it in i386:
// as --32 -o cs.o cs.S && ld -melf_i386 -o cs cs.o
.section .text
.global _start
_start:
movw %cs, %cx
shr $4, %cx
cmpb $3, %cl
je x86_64
cedriczirtacic / tmux.cheat
Created August 16, 2017 21:52 — forked from afair/tmux.cheat
Tmux Quick Reference & Cheat sheet - 2 column format for less scrolling!
========================================== ==========================================
TMUX COMMAND WINDOW (TAB)
========================================== ==========================================
List tmux ls List ^b w
New -s <session> Create ^b c
Attach att -t <session> Rename ^b , <name>
Rename rename-session -t <old> <new> Last ^b l (lower-L)
Kill kill-session -t <session> Close ^b &
cedriczirtacic / rot13.S
Last active August 25, 2017 20:49
assembly rot13()
//as -o rot13.o rot13.S && ld -o rot13 rot13.o
.section .data
string:
.asciz "Hello World.\n"
.section .text
.global _start
_start:
leaq string, %rdi
call rot13
cedriczirtacic / russian_roulette.S
Last active September 29, 2017 21:46
SIGSEGV russian roulette
.section .text
.global _start
_start:
pushq %rbp
movq %rsp, %rbp
subq $1, %rbp
// call sys_getrandom
movl $318, %eax
leaq -1(%rbp), %rdi
cedriczirtacic / patch1.diff
Last active October 11, 2017 18:11
hexer 1.0.3 various buffer overflows (poc + fixes)
--- main.c.old 2017-10-11 11:00:46.980000015 -0600
+++ main.c 2017-10-11 11:09:21.803333352 -0600
@@ -152,7 +152,8 @@
printf("recover from file `%s'.\n", optarg);
break;
case 'c': /* command */
- startup_commands[startup_commands_n++] = optarg;
+ if (startup_commands_n <= HEXER_MAX_STARTUP_COMMANDS)
+ startup_commands[startup_commands_n++] = optarg;
break;
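Review bot: The added guard `if (startup_commands_n <= HEXER_MAX_STARTUP_COMMANDS)` in the `case 'c':` branch looks off by one. If `startup_commands` is declared with `HEXER_MAX_STARTUP_COMMANDS` elements (the declaration is outside this hunk, so confirm), `<=` still lets the post-increment store write index `HEXER_MAX_STARTUP_COMMANDS`, one slot past the end of the array. The comparison should be strict: `if (startup_commands_n < HEXER_MAX_STARTUP_COMMANDS)`. Surplus `-c` options are also dropped silently; reporting an error and exiting would make the limit visible instead of running with a partial command list. The hunk header announces more context lines than this preview shows, and the enclosing `switch` starts and ends outside the hunk.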
cedriczirtacic / readmacho.c
Last active October 15, 2017 15:14
quick & dirty read of Mach-O binary headers
// like: otool -h <binary>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <mach-o/loader.h>
int main(int argc, char *argv[]) {
struct mach_header_64 *hdr;
#!/bin/env node
// https://gist.github.com/cedriczirtacic
var argv = process.argv;
if (argv.length < 3) {
console.info("%s <url>", argv[1]);
process.exit(1);
}
var url = argv[2];