Josh Enders joshenders

@koelling
koelling / gist:ef9b2b9d0be6d6dbab63
Last active Feb 7, 2017
CVE-2015-0235 (GHOST) test code
View gist:ef9b2b9d0be6d6dbab63
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
  char buffer[1024];
@ryo1kato
ryo1kato / bash functrace
Created Jul 13, 2012
Backtrace for bash
View bash functrace
#!/bin/bash
set -ue
bash_trace () {
    typeset -i i=0
    for func in "${FUNCNAME[@]}"
    do
        printf '%15s() %s:%d\n' \
            "$func" "${BASH_SOURCE[$i]}" "${BASH_LINENO[$i]}"
@catwell
catwell / b64url-np.md
Last active Jan 17, 2020
Decoding Base64-URL without padding
View b64url-np.md

Decoding Base64-URL without padding

1) Add padding

Divide the length of the input string by 4, take the remainder. If it is 2, add two = characters at the end. If it is 3, add one = character at the end.

You now have Base64-URL with padding.

2) Translate to Base64

@smealum
smealum / qr.py
Created Jan 11, 2015
ninjhax stuff
View qr.py
import os
import sys
import struct
import ctypes
import compress
#compress.py from https://github.com/magical/nlzss/blob/master/compress.py
#slightly modified padding
def getWord(b, k, n=4):
    return sum(list(map(lambda c: b[k+c]<<(c*8),range(n))))
@datagrok
datagrok / gist:2199506
Last active Sep 22, 2020
Virtualenv's `bin/activate` is Doing It Wrong
View gist:2199506
@advantis
advantis / arg.py
Last active Oct 18, 2020
Custom LLDB command for examining function arguments
View arg.py
#!/usr/bin/python
import lldb
import shlex
def mem_location(arch, index):
    index = int(index)
    return {
        'arm' : ("$r%d" % (index)) if (index < 4) else ("$sp+%d" % (index - 4)),
        'armv7' : ("$r%d" % (index)) if (index < 4) else ("$sp+%d" % (index - 4)),
View ssbug.md

Let's take a look at the vulnerable code:

if (s->servername_done == 0) {
    switch (servname_type) {
        case TLSEXT_NAMETYPE_host_name:
            if (s->session->tlsext_hostname == NULL) {
                if (len > TLSEXT_MAXLEN_host_name ||
                    ((s->session->tlsext_hostname = OPENSSL_malloc(len + 1)) == NULL)) {
                    *al = TLS1_AD_UNRECOGNIZED_NAME;
@zcutlip
zcutlip / lldb-hand-rolled-headers.md
Last active Jan 25, 2021
Importing Hand-Rolled C Header Files in LLDB
View lldb-hand-rolled-headers.md

Importing Hand-Rolled C Header Files in LLDB

Scenario

  • We're debugging a dylib, libhello.dylib
  • The dylib is linked from hello
  • The exported function is helloworld()
  • We do not have source, but have reversed a struct from the library and created a hand-crafted header file

Header File

@joshenders
joshenders / mitmproxy.md
Last active Feb 6, 2021
mitmproxy configuration for iPad
View mitmproxy.md

Successful mitmproxy-3.7 setup tested on OS X 10.13.6 and iPhone X running 12.1.4

Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy

sudo sysctl -w net.inet.ip.forwarding=1
sudo sysctl -w net.inet.ip.redirect=0

net.inet.ip.forwarding
Enable IP forwarding between interfaces

@mjdietzx
mjdietzx / waya-dl-setup.sh
Last active Feb 23, 2021
Install CUDA Toolkit v8.0 and cuDNN v6.0 on Ubuntu 16.04
View waya-dl-setup.sh
#!/bin/bash
# install CUDA Toolkit v8.0
# instructions from https://developer.nvidia.com/cuda-downloads (linux -> x86_64 -> Ubuntu -> 16.04 -> deb (network))
CUDA_REPO_PKG="cuda-repo-ubuntu1604_8.0.61-1_amd64.deb"
wget http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1604/x86_64/${CUDA_REPO_PKG}
sudo dpkg -i ${CUDA_REPO_PKG}
sudo apt-get update
sudo apt-get -y install cuda