elnx /
Last active Sep 15, 2021 — forked from Jinmo/
C/C++ header to IDA


pip install clang
pip install libclang


In IDAPython,

elnx / 0_TL_DR.markdown
Created May 30, 2020 — forked from steakknife/0_TL_DR.markdown
GNU as assembler (binutils-2.25) type sizes for x86 and x86_64


Integer types

  • .octa 16 bytes on x86_64 and x86
  • .quad 8 bytes on x86_64 and x86
  • .long and .int 4 bytes on x86_64 and x86
  • .word, .short and .hword 2 bytes on x86_64 and x86
  • .byte is, of course, 1 byte on x86_64 and x86

Floating-point types

View gist:256eed97cba1711ac914095c952e6e26
#!/usr/bin/env python
#-*- coding: utf-8 -*-
from pwn import *
import re
import sys
import string
import itertools
# UAF in IndexCursor
elnx /
Created Jan 7, 2019 — forked from j00ru/
Insomni'hack Teaser 2017 "winworld" exploit by Mateusz "j00ru" Jurczyk
# Insomni'hack Teaser 2017 "winworld" task exploit
# Author: Mateusz "j00ru" Jurczyk
# Date: 21 January 2017
import os
import random
import string
import sys
import struct
elnx / exploit.c
Created Oct 30, 2018 — forked from syjcnss/exploit.c
exploit for cred_jar
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <pthread.h>
#define ALLOC_CTX _IO('t', 1)
elnx / pwn.js
Created May 8, 2018 — forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
// Copyright (c) 2018 Samuel Groß
elnx /
Created Apr 10, 2018 — forked from yannayl/
0ctf 2018 babyheap challenge exploit
from pwn import *
context.bits = 64
#libc = ELF('./')
libc = ELF('./')
main = ELF('./babyheap.dbg')
#main = ELF('./babyheap')
#dbg_file = './libc-2.23.debug'
def gdb_load_symbols_cmd(sym_file, elf, base):
elnx / zerofs.c
Created Apr 2, 2018 — forked from tarafans/zerofs.c
In llseek, I only check whether the offset is smaller than file_size or not.
However, the image can be crafted by the attacker. After reversing the disk
layout of the image, the attacker can mount an image which contains a normal
file having file size 0x7fffffffffffffff.
With llseek, kernel memory read and write can be achieved.
But the implemented llseek only supports positive seeking, which means that
the attacker cannot access the data before the buffer of the file.
This creates certain difficulties.
elnx /
Created Apr 2, 2018 — forked from Jackyxty/
Official solution for "Heap Storm II" of 0CTF/TCTF 2018 Quals
#!/usr/bin/env python
# encoding: utf-8
#flag{Seize it, control it, and exploit it. Welcome to the House of Storm.}
import itertools
from hashlib import sha256
from pwn import remote, process, ELF
from pwn import context
from pwn import p32,p64,u32,u64