社会人のための趣味CTFまとめ http://hority-ctf.blogspot.jp/2014/08/ctf.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git filter-branch --commit-filter ' | |
if [ "$GIT_COMMITTER_NAME" = "<Old Name>" ]; | |
then | |
GIT_COMMITTER_NAME="<New Name>"; | |
GIT_AUTHOR_NAME="<New Name>"; | |
GIT_COMMITTER_EMAIL="<New Email>"; | |
GIT_AUTHOR_EMAIL="<New Email>"; | |
git commit-tree "$@"; | |
else | |
git commit-tree "$@"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Author: @st4g3r | |
* This is a PoC for House of Einherjar on x64 Linux. | |
* | |
* gcc -Wall -o house_of_einherjar house_of_einherjar.c | |
* | |
*/ | |
#include <stdio.h> | |
#include <stdlib.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import hashlib | |
import hmac | |
import time | |
import struct | |
import base64 | |
def compute_code(key): | |
t = int(time.time()) | |
ts = t / 30 |
#LLDB Basics
A basic overview of lldb for personal reference.
Official documentation can be found here here.
##Command Structure General syntax
<noun> <verb> [-options [option-value]] [argument [argument...]]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import types | |
import cStringIO | |
TYPE_NULL = '0' | |
TYPE_NONE = 'N' | |
TYPE_FALSE = 'F' | |
TYPE_TRUE = 'T' | |
TYPE_STOPITER = 'S' | |
TYPE_ELLIPSIS = '.' | |
TYPE_INT = 'i' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[/Script/Engine.RendererSettings] | |
grass.DiscardDataOnLoad=1 | |
r.DefaultFeature.Bloom=False | |
r.ReflectionEnvironment=0 | |
r.DefaultFeature.AmbientOcclusion=False | |
r.DefaultFeature.AmbientOcclusionStaticFraction=False | |
r.DefaultFeature.AutoExposure=False | |
r.DefaultFeature.MotionBlur=0 | |
r.DefaultFeature.LensFlare=0 | |
r.AmbientOcclusionLevels=0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/jb/bin/bash | |
CYCRIPT_PORT=1337 | |
function help { | |
echo "Syntax: $0 [-p PID | -P appname] [-l /path/to/yourdylib | -L feature]" | |
echo | |
echo For example: | |
echo " $0 -P Reddit.app -l /path/to/evil.dylib # Injects evil.dylib into the Reddit app" | |
echo " or" |
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
- Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
OlderNewer