İşlerimizi biraz kolaylaştımrak için şöyle bi script yazdım, s uzantılı dosyayı veriyoz bir de badchar kontrolü yapılacak bytei \xbb formatında veriyoz hallediyo, badchari vermezsek otomatik \x00 kontrol ediyor.
Çıktı olarak filename-raw, filename-elf üretiyor. -d verirseniz çıktıları siliy.
Örnek:
./runner.sh -f benimkucukshellcodeum.s
./runner.sh -f benimkucukshellcodeum.s -b '\x48'
It creates <filename>-raw <filename>-elf . Former is raw form of shellcode and latter is executable.
pwntools and nasm must be installed
to install:
pip install pwntools && sudo apt install nasmAlso I recommend you to create /flag in local machine and own it with user to make life more easier
Attached is some some never-before-seen assembly code routine that we pulled off a processor which is responsible for string decryption. An input string is put into TRX register, then the routine is run, which decrypts the string.
For example, when putting UL\x03d\x1c'G\x0b'l0kmm_ string in TRX and executing this code, the resulting string in TRX is decrypted as 'tenable.ctfd.io'.
A few things we know about this assembly:
There are only two registers, DRX and TRX. These are used to hold variables throughout the runtime.
Operand order is similar to the AT&T syntax ,which has destination operand first and source operand 2nd ie: MOV DRX, "dogs", puts the string "dogs" into DRX
| import itertools | |
| WHITE = "white" | |
| BLACK = "black" | |
| class Game: | |
| def __init__(self,pieces): | |
| self.playersturn = BLACK | |
| self.message = "NoCheck" | |
| self.gameboard = {} | |
| self.placePiecesEdited(pieces) |
| import concurrent.futures | |
| import bcrypt | |
| VERBOSE=False | |
| output_file=open("bcrypted_passwords.txt","w+") | |
| def do_bcyrpt(passw): | |
| hashed =bcrypt.hashpw(passw.encode(), bcrypt.gensalt()).decode() | |
| if VERBOSE: | |
| print(hashed) | |
| output_file.write(hashed+"\n") |
| [ | |
| ":checkered_flag:", | |
| ":crossed_flags:", | |
| ":flag_ac:", | |
| ":flag_ad:", | |
| ":flag_ae:", | |
| ":flag_af:", | |
| ":flag_ag:", | |
| ":flag_ai:", | |
| ":flag_al:", |
| import concurrent.futures | |
| from hashlib import sha256 | |
| VERBOSE=False | |
| output_file=open("hashed_passwords.txt","w+") | |
| def do_sha256(passw): | |
| hashed = sha256(passw.rstrip().encode()).hexdigest() | |
| if VERBOSE: | |
| print(hashed) | |
| output_file.write(hashed+"\n") | |
| output_file.flush() |
| #include <stdio.h> | |
| #include <string.h> | |
| //190410084 | |
| int main() | |
| { | |
| char cumle[255]; | |
| printf("Bir cümle girin: \n"); | |
| gets(cumle); | |
| int cumle_uzunluk = strlen(cumle); | |
| int k_sayisi = 0; |
| f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAA8BBAAAAAAABAAAAAAAAAAAA7AAAAAAAAAAAAAEAAOAANAEAAHwAeAAYAAAAEAAAAQAAAAAAAAABAAEAAAAAAAEAAQAAAAAAA2AIAAAAAAADYAgAAAAAAAAgAAAAAAAAAAwAAAAQAAAAYAwAAAAAAABgDQAAAAAAAGANAAAAAAAAcAAAAAAAAABwAAAAAAAAAAQAAAAAAAAABAAAABAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAMgGAAAAAAAAyAYAAAAAAAAAEAAAAAAAAAEAAAAFAAAAABAAAAAAAAAAEEAAAAAAAAAQQAAAAAAAZQMAAAAAAABlAwAAAAAAAAAQAAAAAAAAAQAAAAQAAAAAIAAAAAAAAAAgQAAAAAAAACBAAAAAAAC4AgAAAAAAALgCAAAAAAAAABAAAAAAAAABAAAABgAAAAguAAAAAAAACD5AAAAAAAAIPkAAAAAAAFACAAAAAAAAiAIAAAAAAAAAEAAAAAAAAAIAAAAGAAAAIC4AAAAAAAAgPkAAAAAAACA+QAAAAAAA0AEAAAAAAADQAQAAAAAAAAgAAAAAAAAABAAAAAQAAAA4AwAAAAAAADgDQAAAAAAAOANAAAAAAAAgAAAAAAAAACAAAAAAAAAACAAAAAAAAAAEAAAABAAAAFgDAAAAAAAAWANAAAAAAABYA0AAAAAAAEQAAAAAAAAARAAAAAAAAAAEAAAAAAAAAFPldGQEAAAAOAMAAAAAAAA4A0AAAAAAADgDQAAAAAAAIAAAAAAAAAAgAAAAAAAAAAgAAAAAAAAAUOV0ZAQAAAAkIQAAAAAAACQhQAAAAAAAJCFAAAAAAABUAAAAAAAAAFQAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAACC4AAAAAAAAIPkAAAAAAAAg+QAAAAAAA |
| f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAYBEAAAAAAABAAAAAAAAAALg5AAAAAAAAAAAAAEAAOAANAEAAHwAeAAYAAAAEAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAA2AIAAAAAAADYAgAAAAAAAAgAAAAAAAAAAwAAAAQAAAAYAwAAAAAAABgDAAAAAAAAGAMAAAAAAAAcAAAAAAAAABwAAAAAAAAAAQAAAAAAAAABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAIAAAAAAAAUAgAAAAAAAAAEAAAAAAAAAEAAAAFAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAtQkAAAAAAAC1CQAAAAAAAAAQAAAAAAAAAQAAAAQAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAA4BwAAAAAAADgHAAAAAAAAABAAAAAAAAABAAAABgAAAHgtAAAAAAAAeD0AAAAAAAB4PQAAAAAAAJgCAAAAAAAAqAIAAAAAAAAAEAAAAAAAAAIAAAAGAAAAiC0AAAAAAACIPQAAAAAAAIg9AAAAAAAA8AEAAAAAAADwAQAAAAAAAAgAAAAAAAAABAAAAAQAAAA4AwAAAAAAADgDAAAAAAAAOAMAAAAAAAAwAAAAAAAAADAAAAAAAAAACAAAAAAAAAAEAAAABAAAAGgDAAAAAAAAaAMAAAAAAABoAwAAAAAAAEQAAAAAAAAARAAAAAAAAAAEAAAAAAAAAFPldGQEAAAAOAMAAAAAAAA4AwAAAAAAADgDAAAAAAAAMAAAAAAAAAAwAAAAAAAAAAgAAAAAAAAAUOV0ZAQAAADYJAAAAAAAANgkAAAAAAAA2CQAAAAAAAB8AAAAAAAAAHwAAAAAAAAABAAAAAAAAABR5XRkBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAFLldGQEAAAAeC0AAAAAAAB4PQAAAAAAAHg9AAAAAAAA |