Skip to content

Instantly share code, notes, and snippets.

Karan Lyons karanlyons

Block or report user

Report or block karanlyons

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@karanlyons
karanlyons / smuggler.py
Last active Aug 19, 2019
Burp Suite is for chumps.
View smuggler.py
#!/bin/env python3
import dataclasses
import re
import socket
import ssl as _ssl
import types
from collections import namedtuple, OrderedDict
from dataclasses import dataclass
from io import StringIO
from itertools import chain
@karanlyons
karanlyons / lazyString.ts
Last active Aug 7, 2019
Procrastinate till you evaluate.
View lazyString.ts
export type StringReturningFunction = (...args: any[]) => string;
interface LazyString extends String {}
interface LazyStringConstructor {
new <F extends StringReturningFunction>(
func: F,
...args: Parameters<F>
): LazyString;
<F extends StringReturningFunction>(func: F, ...args: Parameters<F>): string;
@karanlyons
karanlyons / format.ts
Last active Aug 6, 2019
Add translator friendly markup to translatable strings.
View format.ts
export type Formatters = { [k: string]: (s: string) => string };
export class FormatError extends Error {
constructor(
public message: string,
public str: string,
public formatters: Formatters,
public tag: string
) {
super();
@karanlyons
karanlyons / payloadPack.js
Last active Jul 26, 2019
Char wise, byte foolish.
View payloadPack.js
const pack = s =>
s.match(/^[\u0000-\u00ff]*$/)
? s
.split("")
.map(s => s.charCodeAt())
.reduce(
(pairs, c) =>
(
!c || pairs[pairs.length - 1].length === 2
? pairs.push(...(c? [[c]] : [[c], []]))
@karanlyons
karanlyons / ZoomDaemon.yara
Last active Sep 14, 2019
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
View ZoomDaemon.yara
private rule Macho
{
meta:
description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
condition:
uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
View testcase.html
<html>
<head>
<style>
#left, #right, #test {
display: block;
z-index: 0;
}
#left {
float: left;
View pypy_ssl_after_fork_bug.py
import os
from http.client import HTTPSConnection
from time import sleep
def request():
connection = HTTPSConnection('httpbin.org')
connection.request('GET', '/headers')
return connection.getresponse().read()
@karanlyons
karanlyons / README.md
Created Sep 25, 2017
Headspace Challenge
View README.md

Headspace Challenge

Requirements

  • Python >=3.5 (compiled with sqlite3 support)
  • That’s it.
  • This may have been a bad idea.

Get Started

@karanlyons
karanlyons / splatify.js
Created Aug 29, 2017
splatify.js: Add some venom to your coffee
View splatify.js
function splatify(func) {
args_string = func.toString().split('(')[1].split(')')[0].split(',').map(function(s) { return s.trim(); });
if (args_string.length && args_string[args_string.length - 1] === 'splat_args') {
pivot = args_string.length - 1;
return function () {
if (arguments.length > pivot + 1) {
args = Array.prototype.slice.call(arguments, 0, pivot);
args.push(Array.prototype.slice.call(arguments, pivot));
@karanlyons
karanlyons / solver.py
Last active Jun 10, 2019
Why PRNGs are not the same as CSPRNGs
View solver.py
import z3
def sym_xoroshiro128plus(solver, sym_s0, sym_s1, mask, result):
s0 = sym_s0
s1 = sym_s1
sym_r = (sym_s0 + sym_s1)
condition = z3.Bool('c0x%0.16x' % result)
solver.add(z3.Implies(condition, (sym_r & mask) == result & mask))
You can’t perform that action at this time.