(draft; work in progress)
See also:
- Compilers
- Program analysis:
- Dynamic analysis - instrumentation, translation, sanitizers
(draft; work in progress)
See also:
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
from base64 import * | |
Rcon = ( | |
0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, | |
0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, | |
0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, | |
0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, | |
0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, | |
0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, |
#define _GNU_SOURCE | |
#include <sys/ioctl.h> | |
#include <stdio.h> | |
#include <string.h> | |
#include <stdlib.h> | |
#include <sys/mman.h> | |
#include <sys/resource.h> | |
#include <fcntl.h> | |
#include <err.h> | |
#include <sys/wait.h> |
#define _GNU_SOURCE | |
#include <err.h> | |
#include <stdint.h> | |
#include <linux/bpf.h> | |
#include <linux/filter.h> | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <sys/syscall.h> | |
#include <asm/unistd_64.h> | |
#include <sys/types.h> |
// Running with: ./exploit $(cat /proc/kallsyms | grep uiuctf | awk '{print $1}') | |
#define _GNU_SOURCE | |
#include <sched.h> | |
#include <stdio.h> | |
#include <fcntl.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <sys/ioctl.h> | |
#include <errno.h> | |
#include <pthread.h> |
#define _GNU_SOURCE | |
#include <fcntl.h> | |
#include <stdio.h> | |
#include <sys/time.h> | |
#include <time.h> | |
#include <stdlib.h> | |
#include <sys/syscall.h> | |
#include <unistd.h> | |
#include <dlfcn.h> | |
#include <string.h> |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
void setbff(void) | |
{ | |
setvbuf(stdin,(char *)0x0,2,0); | |
setvbuf(stdout,(char *)0x0,2,0); | |
setvbuf(stderr,(char *)0x0,2,0); |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <fcntl.h> | |
#include <unistd.h> | |
#include <sys/mman.h> | |
#include <sys/types.h> | |
#include <sys/stat.h> | |
#include <stdint.h> | |
#include <assert.h> |
from pwn import * | |
context.arch = "amd64" | |
context.terminal = "tmux splitw -h -f".split() | |
#cmd = "b* $_base()+0x1586" | |
cmd = "" | |
DEBUG = 0 | |
p = process("./heap") | |
#p = remote("yetanotherheap.hackable.software", 1337) | |
if DEBUG: | |
gdb.attach(p, cmd, gdb_args=['--init-eval-command="source ~/ctf/tools/gef/gef.py"']) |
var buf = new ArrayBuffer(8); | |
var f64_buf = new Float64Array(buf); | |
var u64_buf = new Uint32Array(buf); | |
function ftoi(val) { | |
f64_buf[0] = val; | |
return BigInt(u64_buf[0]) + (BigInt(u64_buf[1]) << 32n); | |
} | |
function itof(val) { |