Javier Jiménez n30m1nd

Block or report user

Report or block n30m1nd

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View philips-hue-control.py
import requests
from sys import argv
from random import randint
from time import sleep
headers = {
'Host': '192.168.1.39',
'Connection': 'close',
'Accept': '*/*',
'User-Agent': 'HueHueHue',
#!/usr/bin/python
from __future__ import print_function
from sys import argv, stdout, stderr
import struct
# 64 bit only for now
def print_chunk(chunkpos, size):
output = "\x00"*8
n30m1nd / exploit-heapheaven.py
Created Oct 20, 2017
Hack.lu 2017 - HeapHeaven write-up
#!/usr/bin/python
# Hack.lu CTF 2017 - HeapHeaven solution by n30m1nd
# Challenge by FluxFingers - https://flatearth.fluxfingers.net/
from pwn import *
from sys import *
from struct import *
def translate_baby(size):
n30m1nd / malloc_hook.js
Last active Feb 4, 2019
Frida hooks for malloc functions for further inspection.
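'use strict';
// Resolve libc's allocator entry points and wrap each as a NativeFunction so
// a hook can call the original implementation (e.g. to forward a call or
// re-invoke it while inspecting arguments and return values).
var mallocPtr = Module.findExportByName("libc.so.6", "malloc");
// C prototype is `void *malloc(size_t)`: declare the size as size_t so the
// wrapper matches the native width on both 32- and 64-bit targets.
var malloc = new NativeFunction(mallocPtr, 'pointer', ['size_t']);
var freePtr = Module.findExportByName("libc.so.6", "free");
var freel = new NativeFunction(freePtr, 'void', ['pointer']);
var reallocPtr = Module.findExportByName("libc.so.6", "realloc");
// `void *realloc(void *, size_t)`: the size was previously declared 'int',
// which truncates the argument to 32 bits on LP64 and misreports large
// reallocations; size_t is the correct width.
var reallocl = new NativeFunction(reallocPtr, 'pointer', ['pointer', 'size_t']);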
n30m1nd / apatching_for_AFL_Persistent_fuzzing.diff
Last active Dec 21, 2018
Patch for Apache httpd to make it fuzzable through afl-clang-fast
Index: server/main.c
===================================================================
--- server/main.c (revision 1794475)
+++ server/main.c (working copy)
@@ -434,11 +434,157 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -X : debug mode (only one worker, do not detach)");
- destroy_and_exit_process(process, 1);
+ destroy_and_exit_process(process, 0);
n30m1nd / apatching_apache_for_AFL_fuzzing.diff
Last active Oct 25, 2017
This patch adds the "-F" switch, which reads a file named on the command line and feeds it to the Apache httpd server.
Index: server/main.c
===================================================================
--- server/main.c (revision 1794194)
+++ server/main.c (working copy)
@@ -371,7 +371,11 @@
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" -c \"directive\" : process directive after reading "
"config files");
+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
+ " -F : hackish file to read as request "
#!/bin/bash
# Build and install APR (the first dependency of an httpd build). The
# compiler and flags are taken from the caller's CC/CFLAGS/CXX/CXXFLAGS
# environment; nothing here sets them, so they may be empty.
# Install root; overridable from the environment, defaults to a separate
# "clean" prefix so the build does not overwrite a system httpd.
PREFIX="${PREFIX:-/usr/local/apache_clean}"
# Green section banner. No "\e[0m" reset is emitted here, so following
# terminal output keeps the colour until something else resets it.
echo -e " \e[32mAPR"
echo
echo "Running apr with: c-compiler:$CC $CFLAGS c++-compiler:$CXX $CXXFLAGS"
# Brief pause so the banner is readable before configure output scrolls.
sleep 2
# Configure, build and install APR as root into $PREFIX, recording the APR
# source directory in $apr (presumably for a later --with-apr; confirm
# downstream). NOTE(review): the glob assumes exactly one apr-1* directory,
# and because the chain is joined with &&, a failure in any step after
# `cd apr-1*` skips the trailing `cd ..` and leaves the shell inside the
# APR directory for whatever follows.
cd apr-1* && ./configure --prefix="$PREFIX" && apr=$(pwd) && make clean && make -j4 && sudo make install && cd ..