

Ditmar Wendt dwendt

@dwendt
dwendt / soundcloud-scrobbler.js
Last active June 9, 2019 19:28
A fix for the soundcloud -> lastfm greasemonkey scrobbler. Updated to take advantage of soundcloud's pageless navigation.
// ==UserScript==
// @name SoundCloud Last.fm Scrobbler
// @namespace http://userscripts.org/users/266001
// @description SoundCloud Last.fm Scrobbler is a JS/Greasemonkey-based Last.fm scrobbler for SoundCloud with support for loving tracks. Based on Bandcamp Last.fm Scrobbler 0.9.4 GGS-0.9.3.
// @require http://userscripts-mirror.org/scripts/source/85398.user.js
// @include http://soundcloud.com/*
// @include https://soundcloud.com/*
// @version 0.1.6 GGS-0.9.5-Dv6
// @license FreeBSD License (see source code). Portions dual-licensed under the MIT (Expat) License and GPLv2.
// @grant GM_log
@dwendt
dwendt / greenhornd.md
Last active August 29, 2015 14:06
csaw greenhornd

For this challenge, we're given an .exe file and a server that it's running on. Running strings on the binary, we see that there's a lot of text in the program. It's all instructions on how to get started with Windows exploitation. One block that is particularly interesting is:

VULNERABLE FUNCTION
-------------------
Send me exactly 1024 characters (with some constraints).
Password:
GreenhornSecretPassword!!!
@dwendt
dwendt / ashare11.md
Last active August 29, 2015 14:08
CyberSEED "ashare11"

# CyberSEED Software Challenge :: Phase1 :: ashare11

This past weekend was a "buffer overflow" competition put together by UConn. Our team of four went up and lost to UIUC who had a team of one! Great job Sam! We also got beaten by BUILDS, who did not use radare2, Jeff. 🙅

The first phase was three 32-bit challenges on a VM given to us. They were setuid binaries, and we were told to automate exploiting them, spawn a shell (with tab-complete/arrow support!) and include the key along with our script in our submission. Judging was performed manually and the scoreboard was not real-time at all. ASLR and NX were disabled, but we did have to bear in mind that the stack would be located at a different spot for every restart/separate VM.

## Reversing

The actual output of the bin:

Usage: ./ashare11 [command and options]

Keybase proof

I hereby claim:

  • I am dwendt on github.
  • I am dwn (https://keybase.io/dwn) on keybase.
  • I have a public key whose fingerprint is 623A AAAC 3936 2C4F 1298 69CB 7446 3FC4 F593 38A1

To claim this, I am signing this object:

@dwendt
dwendt / pwnie.cpp
Created January 18, 2015 17:58
pwnadventure (credit to gd / learn_more for copypaste public code mixed in here)
#include <Windows.h>
#include <Psapi.h>
#include <stdlib.h>
#include <string>
#include <stdio.h>
#pragma comment(lib, "psapi.lib")
DWORD GObjects = 0;
DWORD GNames = 0;
class Vector3 {
@dwendt
dwendt / pwnadv2015.md
Last active August 29, 2015 14:13
Ghost in the Shellcode 2015 Pwnadventure

Pwnadventure 2015

This year the Pwnadventure challenge for GitS was written using Unreal Engine 4. This was an interesting choice because it makes it one of the first few games published using the engine. I'm very familiar with UE3 hacking and how the engine works internally (drop-in cheat code for anything using the engine), so I had decided to try to find a game published on UE4 and get up to speed prior to the competition. There really wasn't anything decent available.

It should be noted that doing this challenge on the three different operating systems available conferred different advantages. Windows made it easy to understand the class structure, and Linux/OS X eliminated awful SSE instructions in Pirate Treasure.

Diving into pwnadv, there's a GameLogic.dll and GameLogic.pdb in the binary folder for the game. The first step to gamehacking is usually...

Reversing the classes

There's a PDB. No reversing necessary. Knowing how object oriented programming in C++ works is pretty import

@dwendt
dwendt / imagetoxpm.c
Created March 1, 2015 17:05
bkpctf central square
#include <stdio.h>   /* printf, popen, pclose, fscanf */
extern int main();
/* Payload function: dumps the challenge key by running `cat key`
   and echoing whatever it reads back to stdout. */
int lol() {
printf("ANIMEDAD GO\n");
FILE* file = popen("cat key","r");
// use fscanf to read:
char buffer[10000];
while(fscanf(file, "%100s", buffer) != EOF)
printf("%s\n", buffer);
pclose(file);
@dwendt
dwendt / test.md
Created March 26, 2015 03:35
markdown test!

this is markdown

it's text! but formatted

it's widely supported

@dwendt
dwendt / thing2.exe.rb
Created June 10, 2015 07:54
thing2.exe - legitbs defcon quals 2015 - 4pt pwnable
#!/usr/bin/env ruby
require 'socket'
#require 'hexdump'
$dbg = false
$sock = TCPSocket.new("localhost", 4141)
def recv_until(str)
data = ""
while tmp = $sock.recv(1024) and not tmp.empty?
memoArr = {};
var charset = "A%sB$nC-(D;)Ea0Fb1Gc2Hd3Ie4Jf5Kg6Lh7Mi8Nj9OkPlQmRnSoTpUqVrWsXtYuZvwxyz"; // default gdb-peda charset
function deBruijn (charset, maxlen, n) {
var k = charset.length;
var a = [];
for (var i = 0; i < k * n; i++) a.push(0);
if (maxlen.toString() in memoArr)
return memoArr[maxlen.toString()];
for (var k in memoArr) {