#!/usr/bin/env python
# http://www.vnsecurity.net/t/length-extension-attack/
# sha1 padding/length extension attack
# by rd@vnsecurity.net
#
import sys
import base64
from shaext import shaext
@nmcv
nmcv / i3-exit.py
Created May 8, 2014 16:40
Exit script for i3 (replaces i3-exit) with GTK frontend. Forked off someone on GH, added CLI options
#!/usr/bin/env python
# based on cb-exit used in CrunchBang Linux <http://crunchbanglinux.org/>
import pygtk
pygtk.require('2.0')
import gtk
import os
import getpass
import sys
@nmcv
nmcv / feistel_test.py
Created November 23, 2014 19:29
Test if L3 is L3 XOR {1} in the other case. H/W 1.
#!/usr/bin/env python3
import itertools
import string
from pprint import pprint
from binascii import unhexlify, hexlify
def cmp(a, b):
@nmcv
nmcv / new_gist_file_0
Created January 23, 2015 23:15
OS X networkd "effective_audit_token" XPC type confusion sandbox escape (with exploit). From https://code.google.com/p/google-security-research/issues/detail?id=130&q=label%3AVendor-Apple
networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network.)
networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.
An XPC message with the following keys and values will reach the function at offset 0x7421 in networkd:
exploit dict = {
"type" = 6,
"connection_id" = 1,
"state" = {
##
## WPS on OpenWRT
## This script enables Wi-Fi Protected Setup on OpenWRT.
##
## Resources
## http://wiki.openwrt.org/doc/uci/wireless#wps.options
##
#Install the full wpad package
opkg update
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.pem with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@nmcv
nmcv / gdb_ascii_examine.txt
Created April 27, 2015 16:57
Examine memory with ASCII view in GDB
define xac
dont-repeat
set $addr = (char *)($arg0)
set $endaddr = $addr + $arg1
while $addr < $endaddr
printf "%p: ", $addr
set $lineendaddr = $addr + 8
if $lineendaddr > $endaddr
set $lineendaddr = $endaddr
end
@nmcv
nmcv / generate_a-z.py
Created November 1, 2012 01:18
Generate lowercase letters of the English alphabet in Python without using strings module
# Lowercase 'a' to 'z' list
print [chr(i) for i in xrange(ord('a'), ord('z')+1)]
@nmcv
nmcv / timing_decorators.py
Created November 6, 2012 02:30
Measure code execution time with Python
'''
A quick way of timing code runs in Python using decorators
'''
import time
def timeit(method):
@nmcv
nmcv / JavaCandR.sublime-build
Created November 10, 2012 21:52 — forked from DevinClark/JavaCandR.sublime-build
This is a build script for Sublime Text 2 that will compile and run the open java file by simply pressing cmd + B. I am very new at Java so feel free to point out problems with this script. You can just drop this file in the User Packages folder and restar
{
"cmd": ["javac \"$file_name\" && java \"$file_base_name\""],
"shell": true,
"working_dir": "${project_path:${folder}}",
"selector": "source.java"
}