gisti
/ cube-towel.c
Last active
August 29, 2015 14:13
— forked from fi01/cube-towel.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <pthread.h> | |
| #include <sys/mman.h> | |
| #include <sys/syscall.h> | |
| #include <linux/futex.h> |
gisti
/ How to exploit msm_acdb
Last active
February 28, 2024 08:05
— forked from fi01/How to exploit msm_acdb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| * 本来の流れ | |
| do_vfs_ioctlはacdb_ioctlをコールし、(1)のコードでリターンする。 | |
| do_vfs_ioctl: | |
| STMPW [SP], { R4-R9, LR } | |
| ... | |
| BL acdb_ioctl | |
| ... | |
| ADD SP, SP, #$44 // (2) | |
| LDMUW [SP], { R4-R9, PC } // (1) |
gisti
/ How to use msm_acdb explot
Last active
August 29, 2015 14:13
— forked from fi01/How to use msm_acdb explot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| To use msm_acdb explot we need to work 4 steps. | |
| 1. Find how to run command with root or system previlege | |
| 2. Get offset for registers to setup | |
| 3. Choose proper code in kernel image | |
| 4. Setup parameters in acdb.c | |
| 1. Find how to run command with root or system previlege | |
| Do it your self. :-P |
gisti
/ ptrace_test.c
Last active
August 29, 2015 14:13
— forked from fi01/ptrace_test.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (C) 2013 The Android Open Source Project | |
| * | |
| * Licensed under the Apache License, Version 2.0 (the "License"); | |
| * you may not use this file except in compliance with the License. | |
| * You may obtain a copy of the License at | |
| * | |
| * http://www.apache.org/licenses/LICENSE-2.0 | |
| * | |
| * Unless required by applicable law or agreed to in writing, software |
gisti
/ cube-towel.c
Last active
August 29, 2015 14:11
— forked from fi01/cube-towel.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <pthread.h> | |
| #include <sys/mman.h> | |
| #include <sys/syscall.h> | |
| #include <linux/futex.h> |
gisti
/ cube-towel.c
Last active
August 29, 2015 14:11
— forked from fi01/cube-towel.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <pthread.h> | |
| #include <sys/mman.h> | |
| #include <sys/syscall.h> | |
| #include <linux/futex.h> |
gisti
/ cube-towel.c
Last active
August 29, 2015 14:11
— forked from fi01/cube-towel.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Android.mk にて、「LOCAL_CFLAGS := -fno-stack-protector -mno-thumb -O0」を指定すること。 | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/socket.h> | |
| #include <arpa/inet.h> | |
| #include <pthread.h> | |
| #include <sys/mman.h> | |
| #include <sys/syscall.h> | |
| #include <linux/futex.h> |
gisti
/ apachekill.pl
Last active
August 29, 2015 14:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| #Apache httpd Remote Denial of Service (memory exhaustion) | |
| #By Kingcope | |
| #Year 2011 | |
| # | |
| # Will result in swapping memory to filesystem on the remote side | |
| # plus killing of processes when running out of swap space. | |
| # Remote System becomes unstable. | |
| # | |
| # PREVENTION : ADD THIS TO APACHE.CONF |
gisti
/ hb-test.py
Last active
August 29, 2015 14:07
— forked from dyatlov/hb-test.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select | |
| import re | |
| import codecs |
gisti
/ hb-test.py
Last active
August 29, 2015 14:07
— forked from takeshixx/hb-test.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| """ | |
| Author: takeshix <takeshix@adversec.com> | |
| PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org). | |
| Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP. | |
| """ | |
| import sys,struct,socket | |
| from argparse import ArgumentParser |