lordidiot

lordidiot / sysnote.c
Created Sep 19, 2021
Asian Cyber Security Challenge 2021 Exploits
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/syscall.h>
#define ADD 548
lordidiot / 11B, Please.md
Last active Mar 17, 2021
CTF.SG CTF 2021

11B, Please [Misc]: Author Writeup

Overview

This challenge was based on a behaviour I learnt from reading Attacking Network Protocols (James Forshaw). The bug has to do with some integer trickery and I thought it was pretty neat. Fun fact, I crafted the challenge idea while on security trooper duty (screw NS T.T), hence the security trooper theme of the challenge.

TL;DR

The writeup is a bit lengthy, so here's a quick run-through of the solution. Bribe -2147483648 (INT_MIN), which won't be turned positive by positive, causing money_left to be negative and giving us the flag.

Code Analysis

lordidiot / v8-dereference.py
Last active May 23, 2021
GEF extension to handle tagged and compressed pointers in v8 better (WIP)
"""
To use the extension, place the file somewhere and add
`source /path/to/extension`
in your ~/.gdbinit file
Use just as you would with `dereference` (https://gef.readthedocs.io/en/master/commands/dereference/)
but s/deref/veref/g
Many missing features because I quickly whipped this up to solve a challenge.
1) Doesn't check for v8 version (Older versions don't use compressed pointers)