Skip to content

Instantly share code, notes, and snippets.

@koelling
koelling / gist:ef9b2b9d0be6d6dbab63
Last active February 7, 2017 16:21
CVE-2015-0235 (GHOST) test code
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
@ryo1kato
ryo1kato / bash functrace
Created July 13, 2012 05:54
Backtrace for bash
#!/bin/bash
set -ue
bash_trace () {
typeset -i i=0
for func in "${FUNCNAME[@]}"
do
printf '%15s() %s:%d\n' \
"$func" "${BASH_SOURCE[$i]}" "${BASH_LINENO[$i]}"
@smealum
smealum / qr.py
Created January 11, 2015 22:51
ninjhax stuff
import os
import sys
import struct
import ctypes
import compress
#compress.py from https://github.com/magical/nlzss/blob/master/compress.py
#slightly modified padding
def getWord(b, k, n=4):
return sum(list(map(lambda c: b[k+c]<<(c*8),range(n))))
@advantis
advantis / arg.py
Last active October 18, 2020 21:50
Custom LLDB command for examining function arguments
#!/usr/bin/python
import lldb
import shlex
def mem_location(arch, index):
index = int(index)
return {
'arm' : ("$r%d" % (index)) if (index < 4) else ("$sp+%d" % (index - 4)),
'armv7' : ("$r%d" % (index)) if (index < 4) else ("$sp+%d" % (index - 4)),
@errzey
errzey / ssbug.md
Last active October 24, 2020 07:30

Lets take a look at the vulnerable code:

if (s->servername_done == 0) {
    switch (servname_type) {
        case TLSEXT_NAMETYPE_host_name:
            if (s->session->tlsext_hostname == NULL) {
                if (len > TLSEXT_MAXLEN_host_name ||
                    ((s->session->tlsext_hostname = OPENSSL_malloc(len + 1)) == NULL)) {
 *al = TLS1_AD_UNRECOGNIZED_NAME;
@zcutlip
zcutlip / lldb-hand-rolled-headers.md
Last active January 25, 2021 13:38
Importing Hand-Rolled C Header Files in LLDB

Importing Hand-Rolled C Header Files in LLDB

Scenario

  • We're debugging a dylib, libhello.dylib
  • The dylib is linked from hello
  • The exported function is helloworld()
  • We do not have source, but have reversed a struct from the library and created a hand-crafted header file

Header File

@ntamvl
ntamvl / ubuntu-16-increase-maximum-file-open-limit-ulimit-n.md
Last active July 26, 2021 10:06
Ubuntu 16 – how to increase maximum file open limit ( ulimit -n )

Ubuntu 16 – how to increase maximum file open limit ( ulimit -n )

If you are setting up nginx,chances are you will discover your worker_connections is at some low number, such as 1024. You can’t increase this number unless you increase kernel limit as well. First of all run cat /proc/sys/fs/file-max to discover your maximum limit.

abc@ubuntu:~$ cat /proc/sys/fs/file-max
1048576
abc@ubuntu:~$ ulimit -n
1024
@catwell
catwell / b64url-np.md
Last active November 27, 2022 21:18
Decoding Base64-URL without padding

Decoding Base64-URL without padding

1) Add padding

Divide the length of the input string by 4, take the remainder. If it is 2, add two = characters at the end. If it is 3, add one = character at the end.

You now have Base64-URL with padding.

2) Translate to Base64

// HTTP client for testing high connection concurrency
// Authors: Richard Jones and Rasmus Andersson
// Released in the public domain. No restrictions, no support.
#include <sys/types.h>
#include <sys/time.h>
#include <sys/queue.h>
#include <stdlib.h>
#include <err.h>
#include <event.h>
#include <evhttp.h>
@datagrok
datagrok / gist:2199506
Last active April 8, 2023 17:36
Virtualenv's `bin/activate` is Doing It Wrong