Nicola Vella nick0ve
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # -*- coding:utf-8 -*- | |
| import sys | |
| from ghidra.app.decompiler import DecompInterface | |
| from ghidra.util.task import ConsoleTaskMonitor | |
| from ghidra.program.model.symbol import SourceType | |
| from ghidra.program.model.listing import ParameterImpl, Function | |
| from ghidra.program.model.data import IntegerDataType, PointerDataType, CharDataType, FunctionDefinitionDataType, ParameterDefinitionImpl | |
| from ghidra.program.model.listing import FunctionSignature |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo 'H4sIAAxYJWYAA+06C1hU1bprz4sBHPeMighi7GwwEKXBQUEJnYFB9+iACBiIGK8ZZBQGmhkQH90IfHF2GHZOpb0kNfXYsazMSE+nAewA+dZUNE9aZg6hhZZKZc791957ePjqcTvf/b57z+JbrMf/r3/977X23pOQUYuECCERVJcLoXrEFQ365dIJtX/grv5oh+f+++sJw/77UwvMNqrEWjzXmlNE5eVYLMV2KtdEWUstlNlC6aanUEXFRlOYTOal5GmszXzjz/+KcTjc9bn45obP+P5pdtzQ0MaOGxzH2XFTwym23cO2Ado9DafZtpFtk815BXjt3XhOikfIuFyCDrgC83vkGI68Bf2Ho8EwGMDNlfjCPzmnCgLxfQFCXqinsqWCU1712wgRKFvrXuRubh/36SJVNkIP92EQIQpvOBLwPDAjCEVA44B/UfewRYXazaibMELZ98APs5vK7dBeH8gzNIiTo3ehECoIsxpz7DkI7ZByNFnBh/TF0yBEh3FoSCrkJrCuQK234rWElXCIrIxJPJ7yNjxan6hPxf0dGC+bxxtxG3+5YVZTYXEepyOsKxYv+DZ6sfdQxf/rQldnKuV09RLlkJl0TaHyEP3kRRWonGbEXzwEjXoPXR0fvEvIYhqUKkONOAMipGbRVOagy4ekEGLEa2FCVzPlGCkXWwbgpalKFSmXWdm+jBkDwRHfSb4nLoWJ/Or47+ma+EN0tU4Jezw3AAMpANZyQCUAu0gFh5AOFA0sFXEMUCEVCWebdUqNEvwA6McCBIZJo1AYgOK7rgD2xAEsmvQKTAyhmQo5eIPLpyKQpfFDOELxagfLHzB2JRzPVnQSGGUOh3Ic5gw1sIcbaT+HNISlEwVITNsyx8KhoIZzCpCa2as+ghUhwZCm9nbEUqllqRiUUUDgKUygBoixO1eks4S+vY8n5AmETgGhjndh2Sx+8yS8OV6bxG1ewa7ZDWvwZkybjmnhlx7ES5+EjmQAKyeg7M7GPMDmJTqmSX3EeVrGWS |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/mman.h> | |
| #define HAVE_A_NICE_DAY 42 | |
| char shellcode[] = "\xcc"; | |
| void cleararray(char **array) | |
| { | |
| unsigned int i = 0; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context.os = 'windows' | |
| def flush() -> bytes: | |
| return io.recvuntil(b'-> ') | |
| def save(data) -> bytes: | |
| flush() | |
| io.sendline(b'save') | |
| io.sendline(data) |
nick0ve
/ octal_x86.txt
Created
February 18, 2022 09:31
— forked from seanjensengrey/octal_x86.txt
x86 is an octal machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # source:http://reocities.com/SiliconValley/heights/7052/opcode.txt | |
| From: mark@omnifest.uwm.edu (Mark Hopkins) | |
| Newsgroups: alt.lang.asm | |
| Subject: A Summary of the 80486 Opcodes and Instructions | |
| (1) The 80x86 is an Octal Machine | |
| This is a follow-up and revision of an article posted in alt.lang.asm on | |
| 7-5-92 concerning the 80x86 instruction encoding. | |
| The only proper way to understand 80x86 coding is to realize that ALL 80x86 |
nick0ve
/ SystemCallAuditor.py
Created
November 28, 2021 18:36
— forked from cetfor/SystemCallAuditor.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Checks system calls for command injection patterns | |
| #@author | |
| #@category HackOvert | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| from ghidra.app.decompiler import DecompileOptions | |
| from ghidra.app.decompiler import DecompInterface | |
| from ghidra.program.model.pcode import Varnode |
nick0ve
/ last.extracted
Last active
November 25, 2021 19:49
ssd black friday challenge writeup by @nick0ve
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 5yyyy-MM-dd HH:mm:ssyyyy_MM_dd_HH_mm_ss<br><hr>ObjectLengthChainingModeGCMAuthTagLengthChainingModeKeyDataBlobAESMicrosoft Primitive ProviderCONNECTIONKEEP-ALIVEPROXY-AUTHENTICATEPROXY-AUTHORIZATIONTETRAILERTRANSFER-ENCODINGUPGRADE%startupfolder%\%insfolder%\%insname%/\%insfolder%\Software\Microsoft\Windows\CurrentVersion\Run%insregname%SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunTrue%GETMozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0OKhi_keep_searching\ttYSELECT * FROM Win32_ProcessorName MBUnknownCOCO_-_.zip yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time: MM/dd/yyyy HH:mm:ssUser Name: Computer Name: OSFullName: CPU: RAM: IP Address: New Recovered!User Name: OSFullNameuninstallSoftware\Microsoft\Windows NT\CurrentVersion\WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera BrowserOpera Software\Opera StableYandex BrowserYandex\YandexBrowser\User DataIridiu |
nick0ve
/ exp.c
Created
November 22, 2021 09:30
— forked from st424204/exp.c
Futex Waiter Kernel Stack Use After free
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Futex Waiter Kernel Stack Use After free | |
| // Vuln inspired by CVE-2021-3347 | |
| // exploit tech ref https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html | |
| // leak kernel stack and overwrite kernel stack return address to userspace ( SMAP & SMEP disable) | |
| // gcc exp.c -static -masm=intel -o exp | |
| #define _GNU_SOURCE /* See feature_test_macros(7) */ | |
| #include <sys/socket.h> | |
| #include <string.h> | |
| #include <linux/futex.h> | |
| #include <stdint.h> |
nick0ve
/ idapython_cheatsheet.md
Created
September 21, 2021 22:03
— forked from icecr4ck/idapython_cheatsheet.md
Cheatsheet for IDAPython
https://stackoverflow.com/questions/20380204/how-to-load-multiple-symbol-files-in-gdb
python
# Note: Replace "readelf" with path to binary if it is not in your PATH.
READELF_BINARY = 'readelf'
class AddSymbolFileAuto (gdb.Command):
"""Load symbols from FILE, assuming FILE has been dynamically loaded (auto-address).
Usage: add-symbol-file-auto FILE [-readnow | -readnever]NewerOlder