kaftejiman / pimp.md
Created Feb 15, 2021
pimp my exploit *recommended for you, yes you*
1. Create this file as speak.bat (this example is for Windows; adapt it for your OS):

```bat
@echo off
setlocal
rem Read whatever is piped in on stdin (via more) line by line and speak each line,
rem followed by the catchphrase. Intended use: pipe your exploit's output into it.
for /F "tokens=*" %%a in ('more') do (
        PowerShell -Command "Add-Type -AssemblyName System.Speech; (New-Object System.Speech.Synthesis.SpeechSynthesizer).Speak('"%%a"');"
        PowerShell -Command "Add-Type -AssemblyName System.Speech; (New-Object System.Speech.Synthesis.SpeechSynthesizer).Speak('haxored! haxored! haxored! haxored! haxored! haxored!');"
)
```

2. Add the directory containing the file to your PATH.
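The same trick as a PowerShell script, as an added example that is not part of the original gist: it reads the lines piped into it and speaks each one, then the catchphrase. The file name speak.ps1 and the assumed usage (piping an exploit's output into it) are assumptions of this example. Unlike the batch version it does not start a new PowerShell process per line, and a line containing a single quote does not break it, because the text is passed to Speak as a value rather than spliced into a quoted command string.

```powershell
# speak.ps1 - added example, not the gist's own code.
# Reads lines from the pipeline and speaks each one, then the catchphrase.
# Assumed usage (an assumption of this example, not from the gist):
#   python .\exploit.py | powershell -ExecutionPolicy Bypass -File .\speak.ps1
Add-Type -AssemblyName System.Speech
$synth = New-Object System.Speech.Synthesis.SpeechSynthesizer

foreach ($line in $input) {
    $text = [string]$line
    if ([string]::IsNullOrWhiteSpace($text)) { continue }   # skip blank lines
    $synth.Speak($text)                                     # spoken as-is, no quoting needed
    $synth.Speak('haxored! haxored! haxored! haxored! haxored! haxored!')
}

$synth.Dispose()
```

Because the batch version wraps each line in a single-quoted PowerShell string, any output line containing an apostrophe produces a parse error instead of speech; the script above avoids that entirely.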
kaftejiman / bambooctf_vault.md
Last active Jan 18, 2021
Write up for The Vault challenge from BambooCTF 2021

BambooFox CTF 2021 - The Vault

Given a webpage displaying a keypad (index.html), its JavaScript driver (main.js) and a compiled WebAssembly binary (.wasm), you are supposed to find the PIN that unlocks the vault.

Blackbox approach

Leaving the wasm binary aside at first, reading through main.js (specifically lines 18 to 25) shows what look like environment validations and checks:

```js
var ENVIRONMENT_IS_WEB = false;
var ENVIRONMENT_IS_WORKER = false;
```
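The blackbox idea taken one step further, as an added example that is not part of this write-up: instead of letting the page's glue code decide where it runs, instantiate the WebAssembly module directly under Node and brute-force the PIN against its exported check. The challenge's .wasm and its export names are not on this page, so the module below is a constructed stand-in (it exports check(i32) that returns 1 only for 1234); the export name check, the 4-digit PIN length and the helper names are assumptions of this example.

```javascript
// Added example, not the write-up's code: drive a wasm vault check outside the
// browser and brute-force a 4-digit PIN. The challenge's .wasm is not on the page,
// so this constructed stand-in module exports check(i32) -> i32 that returns 1
// only when the argument is 1234 (hand-encoded, commented section by section).
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // "\0asm", version 1
  0x01, 0x06, 0x01, 0x60, 0x01, 0x7f, 0x01, 0x7f,                   // type section: (i32) -> i32
  0x03, 0x02, 0x01, 0x00,                                           // function section: func 0 has type 0
  0x07, 0x09, 0x01, 0x05, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x00, 0x00, // export section: "check" = func 0
  0x0a, 0x0a, 0x01, 0x08, 0x00,                                     // code section: 1 body, 8 bytes, no locals
  0x20, 0x00,                                                       //   local.get 0
  0x41, 0xd2, 0x09,                                                 //   i32.const 1234 (LEB128)
  0x46,                                                             //   i32.eq
  0x0b,                                                             //   end
]);

// Instantiate synchronously. The stand-in imports nothing; a real Emscripten
// module would need the env imports that main.js normally supplies (assumption).
function loadVault(bytes = WASM_BYTES) {
  const mod = new WebAssembly.Module(bytes);
  return new WebAssembly.Instance(mod, {}).exports;
}

// Try every PIN of the given length; returns it zero-padded, or null if none passes.
// The export name "check" is an assumption of this example.
function bruteForcePin(exports = loadVault(), digits = 4, exportName = 'check') {
  const check = exports[exportName];
  if (typeof check !== 'function') throw new Error(`no export named ${exportName}`);
  const limit = 10 ** digits;
  for (let pin = 0; pin < limit; pin++) {
    if (check(pin) === 1) return String(pin).padStart(digits, '0');
  }
  return null;
}

console.log('pin:', bruteForcePin());
```

With the real binary you would pass the imports its glue expects (memory, table, runtime calls) instead of an empty import object, or let main.js load it under Node once its environment checks allow that; the brute-force loop itself stays the same.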
kaftejiman / ret2csu.md
Last active Oct 17, 2022
ret2csu exploitation technique ROP pwn

ret2csu

I wanted to make a clean and simple explanation of the ret2csu exploitation technique, as I didn't get it easily from the resources I found on Google. It reflects my understanding as far as it goes, so you should take it with a grain of salt.

Tests were carried out on AMD64 Ubuntu Linux.

Table of Contents