NM nmcv

## latency.txt
Latency Comparison Numbers
--------------------------
L1 cache reference                            0.5 ns
Branch mispredict                             5   ns
L2 cache reference                            7   ns             14x L1 cache
Mutex lock/unlock                            25   ns
Main memory reference                       100   ns             20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy              3,000   ns
Send 1K bytes over 1 Gbps network        10,000   ns    0.01 ms
Read 4K randomly from SSD*              150,000   ns    0.15 ms

## install_phpsh.sh
# https://gist.github.com/eric1234/7324795

# Make sure git is installed
apt-get install -y git

# Remove functions that phpsh needs from config.
sed -i 's/pcntl_signal,//g' /etc/php5/cli/php.ini
sed -i 's/pcntl_fork,//g' /etc/php5/cli/php.ini
sed -i 's/pcntl_wait,//g' /etc/php5/cli/php.ini

## gdb_ascii_examine.txt
define xac
    dont-repeat
    set $addr = (char *)($arg0)
    set $endaddr = $addr + $arg1
    while $addr < $endaddr
        printf "%p: ", $addr
        set $lineendaddr = $addr + 8
        if $lineendaddr > $endaddr
            set $lineendaddr = $endaddr
        end

## simple-https-server.py
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
#    python simple-https-server.py
# then in your browser, visit:
#    https://localhost:4443

import BaseHTTPServer, SimpleHTTPServer
import ssl

## wps_openwrt.sh
##
## WPS on OpenWRT
##  This script enables Wi-Fi Protected Setup on OpenWRT.
##
##  Resources
##      http://wiki.openwrt.org/doc/uci/wireless#wps.options
##

#Install the full wpad package
opkg update

## new_gist_file_0
networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network.)

networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.

An XPC message with the following keys and values will reach the function at offset 0x7421 in networkd:

exploit dict = {
  “type” = 6,
  “connection_id” = 1,
  “state” = {

## feistel_test.py
#!/usr/bin/env python3


import itertools
import string
from pprint import pprint
from binascii import unhexlify, hexlify

def cmp(a, b):

## sqlite_shell.py
# A minimal SQLite shell for experiments

import sqlite3

con = sqlite3.connect(":memory:")
con.isolation_level = None
cur = con.cursor()

buffer = ""

## i3-exit.py
#!/usr/bin/env python

# based on cb-exit used in CrunchBang Linux <http://crunchbanglinux.org/>

import pygtk
pygtk.require('2.0')
import gtk
import os
import getpass
import sys

## sha-padding.py
#!/usr/bin/env python
# http://www.vnsecurity.net/t/length-extension-attack/
# sha1 padding/length extension attack
# by rd@vnsecurity.net
#

import sys
import base64
from shaext import shaext
	Latency Comparison Numbers
	--------------------------
	L1 cache reference 0.5 ns
	Branch mispredict 5 ns
	L2 cache reference 7 ns 14x L1 cache
	Mutex lock/unlock 25 ns
	Main memory reference 100 ns 20x L2 cache, 200x L1 cache
	Compress 1K bytes with Zippy 3,000 ns
	Send 1K bytes over 1 Gbps network 10,000 ns 0.01 ms
	Read 4K randomly from SSD* 150,000 ns 0.15 ms
	# https://gist.github.com/eric1234/7324795

	# Make sure git is installed
	apt-get install -y git

	# Remove functions that phpsh needs from config.
	sed -i 's/pcntl_signal,//g' /etc/php5/cli/php.ini
	sed -i 's/pcntl_fork,//g' /etc/php5/cli/php.ini
	sed -i 's/pcntl_wait,//g' /etc/php5/cli/php.ini
	define xac
	dont-repeat
	set $addr = (char *)($arg0)
	set $endaddr = $addr + $arg1
	while $addr < $endaddr
	printf "%p: ", $addr
	set $lineendaddr = $addr + 8
	if $lineendaddr > $endaddr
	set $lineendaddr = $endaddr
	end
	# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
	# generate server.xml with the following command:
	# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
	# run as follows:
	# python simple-https-server.py
	# then in your browser, visit:
	# https://localhost:4443

	import BaseHTTPServer, SimpleHTTPServer
	import ssl
	##
	## WPS on OpenWRT
	## This script enables Wi-Fi Protected Setup on OpenWRT.
	##
	## Resources
	## http://wiki.openwrt.org/doc/uci/wireless#wps.options
	##

	#Install the full wpad package
	opkg update
	networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network.)

	networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.

	An XPC message with the following keys and values will reach the function at offset 0x7421 in networkd:

	exploit dict = {
	“type” = 6,
	“connection_id” = 1,
	“state” = {
	#!/usr/bin/env python3


	import itertools
	import string
	from pprint import pprint
	from binascii import unhexlify, hexlify

	def cmp(a, b):
	# A minimal SQLite shell for experiments

	import sqlite3

	con = sqlite3.connect(":memory:")
	con.isolation_level = None
	cur = con.cursor()

	buffer = ""
	#!/usr/bin/env python

	# based on cb-exit used in CrunchBang Linux <http://crunchbanglinux.org/>

	import pygtk
	pygtk.require('2.0')
	import gtk
	import os
	import getpass
	import sys
	#!/usr/bin/env python
	# http://www.vnsecurity.net/t/length-extension-attack/
	# sha1 padding/length extension attack
	# by rd@vnsecurity.net
	#

	import sys
	import base64
	from shaext import shaext