Skip to content

Instantly share code, notes, and snippets.

Avatar
🔬

Taylor Hornby defuse

🔬
View GitHub Profile
View gist:5765842
# Little program for testing return from interrupt privilege check.
.intel_syntax noprefix
.text
.global main
main:
# Print the CS
mov eax, cs
push eax
View gist:6149343
#!/usr/bin/env ruby
# Here's an EXTREMELY abstract environment where oi.js is broken.
# Assumptions:
# - There are no asynchronous interupts
# - Each line of javascript code takes 1 unit of time.
# - The context switching quantum is 10
# - millis() changes on every context switch.
# - millis() ONLY changes during a context switch.
#
# Under these assumptions, let Q be the time remaining before the :wmlt loop
@defuse
defuse / gist:6374037
Created Aug 29, 2013
N boxes numbered 1..N. N balls numbered 1..N. How many ways can balls be put into boxes so that each ball's # is different from its box #?
View gist:6374037
#!/usr/bin/env ruby
#
# There are N boxes numbered 1 to N. There are N balls numbered 1 to N.
# Balls can be put into boxes. How many ways can you put each ball in a box so
# that each ball's number is *different* from the number of the box it's in?
#
# Example for N=3:
#
# RIGHT:
#
View gist:6375486
def factorial(n)
product = 1
1.upto(n) do |k|
product *= k
end
return product
end
def choose(n,k)
@defuse
defuse / quine.php
Created Sep 21, 2013
Escaping Challenge: Make a PHP script that (Z:) generates JavaScript code that generates an HTML page containing a PHP script that (goto Z)...
View quine.php
<?php
/* Escaping Challenge: Make a PHP script that (Z:) generates JavaScript code
* that generates an HTML page containing a PHP script that (goto Z) */
/* The purpose of this challenge is to demonstrate how complicated escaping can
* get when you're trying to combine 4 different languages (PHP, JavaScript,
* HTML, and string literals). */
function js_string_escape($data)
@defuse
defuse / gist:7109825
Created Oct 22, 2013
Ballast Security's shell decoding challenge.
View gist:7109825
<?php
/*
* This is the decoded version of Ballast Security's shell decoding challenge:
* http://ballastsec.blogspot.ca/2013/01/first-of-many-encrypted-php-shell.html
*
* Original: http://pastebin.com/W92Q0Q9j
*
* Decoding was done by @DefuseSec with a bit of help from @RiptideTempora.
*/
@error_reporting(0);
@defuse
defuse / gist:7109985
Created Oct 22, 2013
Cryptography assignment or something?
View gist:7109985
lines = [
"ABCDEFGHIJFG",
"ABIKLAKGCMAIHDJACKNKCKNMDH",
"MADHDPACLDHIKH",
"AILDQIGCRIPACKNGHPACLDSDKLDPD",
"ALCIHPIQTIDCEAPAHIG"
]
ct = lines.join("")
@defuse
defuse / disassemble.rb
Created Oct 24, 2013
Disassembling TrueCrypt Differences
View disassemble.rb
str = "D0 1D 00 00 00 02 02 00 30 82 1D BD 06 09 2A 86 48 86 F7 0D 01 07 02 A0 82 1D AE 30 82 1D AA 02 01 01 31 0B 30 09 06 05 2B 0E 03 01 1A"
binary = str.split(" ").map { |x| x.to_i(16).chr }.join("")
0.upto(binary.length - 1) do |start|
code = binary[start...binary.length]
File.open("/tmp/foo.bin", "w") do |f|
f.write(code)
end
print `objdump -D -b binary -m i8086 -M intel /tmp/foo.bin`
@defuse
defuse / tc_challenges.rb
Created Dec 3, 2013
TrueCrypt Challenge Generator
View tc_challenges.rb
#!/usr/bin/env ruby
# @DefuseSec's TrueCrypt Challenge Generator!
#
# This script generates a set of TrueCrypt "challenges." Volumes are created in
# different ways using secure 128-bit passwords to provide a challenge for
# anyone claiming TrueCrypt is backdoored. If there is a backdoor, then one
# should be able to use one of the published challenges to prove it.
#
# There are 5 different types of challenges:
@defuse
defuse / lib_crypt.php
Created Jan 31, 2014
//// BAD CRYPTO CODE //// DO NOT USE THIS CODE ////
View lib_crypt.php
<?php
// [LIB - Crypt Functions]
// (c) 2005-2013 unix-world.org - all rights reserved
// code release 2013-05-30
//##################################################### PREVENT S EXECUTION
if(A_HEADER_EXEC_RUNTIME != 'NetVisionOpenSource') {
die('This PHP script: `'.htmlspecialchars(@basename(__FILE__)).'` cannot be executed directly !');
} //end if
//#####################################################
You can’t perform that action at this time.