" Denite {{{
" Change file_rec command.
call denite#custom#var('file_rec', 'command',
\ ['ag', '--follow', '--nocolor', '--nogroup', '--ignore=*.pyc', '-g', ''])
" Change mappings.
call denite#custom#map(
\ 'insert',
\ 'K',
\ '<denite:move_to_next_line>',
https://i.imgur.com/L7CYCkp.png
https://github.com/plasma-disassembler/plasma
@pentest_swissky : https://twitter.com/pentest_swissky/status/1009545955069386758
tweetips$ echo -en "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80" > /tmp/a
tweetips$ plasma --raw x86 /tmp/a
function _start (raw) {
0x0: eax = 0
0x2: push eax
0x3: push 1752379183 "//sh"
A web interface to manage Docker
sudo docker run -d -p 9000:9000 -v /var/run/docker.sock:/docker.sock microbox/dockerui
http://microbox.io/
Write an exploit for this CVE: https://www.exploit-db.com/exploits/43718/
Write an IDA plugin to debug embedded https://dougallj.wordpress.com/2018/06/04/writing-a-hex-rays-plugin-vmx-intrinsics/
Describe use cases like here: https://github.com/illera88/Ponce
pwntools integration
IDA plugin
Add original function arguments to exall
and document exall callbacks
transfer ()
{
if [ $# -eq 0 ]; then
# -e so the \n sequences in the usage text are rendered as line breaks
echo -e "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md";
return 1;
fi;
tmpfile=$( mktemp -t transferXXX );
if tty -s; then
basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g');
curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> "$tmpfile";
wget http://SERVER:8282/cert -O cacert.der
openssl x509 -inform DER -in cacert.der -out cacert.pem
rm cacert.der
CERT="$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1).0"
adb connect SERVER:5555
adb root
adb connect SERVER:5555
adb remount
adb push cacert.pem "/system/etc/security/cacerts/${CERT}"
adb shell chmod 644 "/system/etc/security/cacerts/${CERT}"
./a.out | grep '00 '
malloc(240), in metadata => 257, real_chunk_size => 0x100 | usable_size => 0xf8
malloc(496), in metadata => 513, real_chunk_size => 0x200 | usable_size => 0x1f8
malloc(752), in metadata => 769, real_chunk_size => 0x300 | usable_size => 0x2f8
malloc(1008), in metadata => 1025, real_chunk_size => 0x400 | usable_size => 0x3f8
malloc(1264), in metadata => 1281, real_chunk_size => 0x500 | usable_size => 0x4f8
malloc(1520), in metadata => 1537, real_chunk_size => 0x600 | usable_size => 0x5f8
malloc(1776), in metadata => 1793, real_chunk_size => 0x700 | usable_size => 0x6f8
malloc(2032), in metadata => 2049, real_chunk_size => 0x800 | usable_size => 0x7f8
malloc(2288), in metadata => 2305, real_chunk_size => 0x900 | usable_size => 0x8f8
#!/usr/bin/python3
# https://github.com/epsy/clize
# pip install clize
import clize

def exploit(target, motivation=42):
    print(target, motivation)

def fuzz(target, tool="afl", *, share=False):
@moyix
Another CTF trick: if you need a string for system() that will get you a shell, consider the humble "ed". It supports running shell commands (!), and b/c of English past tense is often available as a suffix of some existing string in the binary, e.g.: "File transfer complet𝙚𝙙"
@chaign_c
It also works with "ex", "vi", "sh", "vim", "gdb", "ftp", "php", "irb". I don't have ed on archlinux. ls /bin/???? if you want more.
grep is more portable than awk across systems
ip a | grep -o ':.*: ' | grep -v ': lo: ' | grep -o '[^ :]*'
ip a | awk '!/: lo: / && match($0, ": (.*): ", a) {print a[1]}'