Skip to content

Instantly share code, notes, and snippets.

View leommxj's full-sized avatar
☂️
带伞不下雨下雨不带伞

Leopold leommxj

☂️
带伞不下雨下雨不带伞
View GitHub Profile
@loknop
loknop / writeup.md
Created December 30, 2021 14:59
Solving "includer's revenge" from hxp ctf 2021 without controlling any files

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

@icecr4ck
icecr4ck / ida_mc_notes.md
Last active October 27, 2024 10:54
Some notes about the IDA Microcode (intermediate language).
@ValdikSS
ValdikSS / huawei-fw-list.txt
Last active October 20, 2024 09:14
Huawei firmware files found on update server
==========================================================================
DO NOT WRITE ANY QUESTIONS IN COMMENTS
==========================================================================
This is not appropriate place for discussions. Keep this list FW-only.
I do NOT have any firmware files apart from published here or on 4pda. Please do not contact me for firmware files requests.
This is a list of files found on Huawei update server by brute-forcing URL parameters.
Some firmware files have changelogs. Just change file name to "changelog.xml" in the end of the URL.
@Jinmo
Jinmo / jni_all.h
Created May 26, 2017 07:36
Useful when reversing JNI on IDA Pro
/*
* Copyright (c) 1996, 1998, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*