I hereby claim:
- I am ocean1 on github.
- I am oce4n (https://keybase.io/oce4n) on keybase.
- I have a public key whose fingerprint is AD2F 69FC 908C 05C4 EE1C A1F7 5B7C EDEB A937 0413
To claim this, I am signing this object:
import dis, marshal, struct, sys, time, types | |
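def show_file(fname):
    """Print the header fields of a compiled Python file and unmarshal its body.

    Reads a 4-byte magic number and a 4-byte little-endian unsigned
    modification timestamp from ``fname``, prints both as hex (the timestamp
    also as local time), then unmarshals the data that follows the header.

    Security: the ``marshal`` module is not designed to be safe against
    erroneous or maliciously constructed data. Only point this at files from
    a trusted source, or run it in an isolated analysis environment.
    """
    # The context manager closes the handle even when a read or the unmarshal
    # step raises; the bare open() it replaces left the file open.
    with open(fname, "rb") as f:
        magic = f.read(4)
        moddate = f.read(4)
        # struct.unpack raises struct.error when fewer than 4 bytes were read,
        # so a truncated file fails here rather than printing a bogus date.
        modtime = time.asctime(time.localtime(struct.unpack('<I', moddate)[0]))
        # Parenthesised single-argument print emits the same text as the
        # original print statements.
        print("magic %s" % (magic.encode('hex')))
        print("moddate %s (%s)" % (moddate.encode('hex'), modtime))
        # NOTE(security): marshal.load() parses attacker-controllable bytes if
        # fname is untrusted; a malformed stream can crash the interpreter.
        # The loaded object is not used in the lines visible here.
        code = marshal.load(f)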
# taken from here | |
# http://codahale.com/a-lesson-in-timing-attacks/ | |
def is_equal(a, b): | |
if len(a) != len(b): | |
return False | |
result = 0 | |
for x, y in zip(a, b): | |
result |= x ^ y |
00413CAB 5D POP EBP | |
00413CAC 81ED 38324000 SUB EBP,video.00403238 | |
00413CB2 64:8B1D 30000000 MOV EBX,DWORD PTR FS:[30] ;PEB | |
00413CB9 8B5B 0C MOV EBX,DWORD PTR DS:[EBX+C] ;PPEB_LDR_DATA, LoaderData | |
00413CBC 8B5B 1C MOV EBX,DWORD PTR DS:[EBX+1C] ;InInitializationOrderModuleList | |
00413CBF 8B1B MOV EBX,DWORD PTR DS:[EBX] ;get first loaded dll | |
00413CC1 8B5B 08 MOV EBX,DWORD PTR DS:[EBX+8] ;module base | |
00413CC4 89DA MOV EDX,EBX | |
00413CC6 8995 EB324000 MOV DWORD PTR SS:[EBP+4032EB],EDX | |
00413CCC 89D3 MOV EBX,EDX |
from pwn import * | |
context(arch='i386', os='linux', log_level="info") | |
HOST = args.get('HOST', "localhost") | |
PORT = 4000 | |
got_exit = 0x804A010 | |
# account in the shellcode that when we overwrite prev/next | |
# it may overwrite part of the shellcode, we want to jump over |
#!/bin/bash | |
# | |
# The BSD License (http://www.opensource.org/licenses/bsd-license.php) | |
# specifies the terms and conditions of use for checksec.sh: | |
# | |
# Copyright (c) 2009-2011, Tobias Klein. | |
# All rights reserved. | |
# | |
# Redistribution and use in source and binary forms, with or without | |
# modification, are permitted provided that the following conditions |
from pwn import * | |
context(arch='i386', os='linux', log_level="info") | |
DEBUG = False | |
HOST = "cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me" | |
PORT = 4347 | |
def spliteach(x, n): |
#include <stdio.h> | |
#include <string.h> | |
int | |
main() | |
{ | |
FILE *maps; | |
void *vdso_begin, *vdso_end; | |
maps = fopen("/proc/self/maps", "r"); |
# patching the vulnerable binary only requires reducing the size of the read to at most 0x200 :) | |
from pwn import * | |
context(arch='i386', os='linux', log_level="info") | |
DEBUG = False | |
HOST = "cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me" | |
PORT = 4347 |
I hereby claim:
To claim this, I am signing this object:
# This file has been auto-generated by i3-config-wizard(1). | |
# It will not be overwritten, so edit it as you like. | |
# | |
# Should you change your keyboard layout somewhen, delete | |
# this file and re-run i3-config-wizard(1). | |
# | |
# i3 config file (v4) | |
# | |
# Please see http://i3wm.org/docs/userguide.html for a complete reference! |