import dis, marshal, struct, sys, time, types
def show_file(fname):
f = open(fname, "rb")
magic = f.read(4)
moddate = f.read(4)
modtime = time.asctime(time.localtime(struct.unpack('<I', moddate)[0]))
print "magic %s" % (magic.encode('hex'))
print "moddate %s (%s)" % (moddate.encode('hex'), modtime)
code = marshal.load(f)
# taken from here (a constant-time comparison, so timing does not reveal where the inputs first differ;
# Python's standard library provides hmac.compare_digest for this purpose, and the `x ^ y` below
# assumes iterating a and b yields ints, as bytes do in Python 3 -- on str it raises TypeError)
# http://codahale.com/a-lesson-in-timing-attacks/
def is_equal(a, b):
if len(a) != len(b):
return False
result = 0
for x, y in zip(a, b):
result |= x ^ y
00413CAB 5D POP EBP
00413CAC 81ED 38324000 SUB EBP,video.00403238
00413CB2 64:8B1D 30000000 MOV EBX,DWORD PTR FS:[30] ;PEB
00413CB9 8B5B 0C MOV EBX,DWORD PTR DS:[EBX+C] ;PPEB_LDR_DATA, LoaderData
00413CBC 8B5B 1C MOV EBX,DWORD PTR DS:[EBX+1C] ;InInitializationOrderModuleList
00413CBF 8B1B MOV EBX,DWORD PTR DS:[EBX] ;get first loaded dll
00413CC1 8B5B 08 MOV EBX,DWORD PTR DS:[EBX+8] ;module base
00413CC4 89DA MOV EDX,EBX
00413CC6 8995 EB324000 MOV DWORD PTR SS:[EBP+4032EB],EDX
00413CCC 89D3 MOV EBX,EDX
ocean1 / ezhp.py
Last active August 29, 2015 14:18
from pwn import *
context(arch='i386', os='linux', log_level="info")
HOST = args.get('HOST', "localhost")
PORT = 4000
got_exit = 0x804A010
# account for the fact that, when we overwrite prev/next, part of the shellcode
# may be overwritten as well; we want to jump over that region
ocean1 / checksec.sh
Last active August 29, 2015 14:19
checksec.sh
#!/bin/bash
#
# The BSD License (http://www.opensource.org/licenses/bsd-license.php)
# specifies the terms and conditions of use for checksec.sh:
#
# Copyright (c) 2009-2011, Tobias Klein.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
ocean1 / gist:723c3a6bf83f15e4294a
Created May 18, 2015 11:02
defconquals2015_cybergrandsandbox.py
from pwn import *
context(arch='i386', os='linux', log_level="info")
DEBUG = False
HOST = "cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me"
PORT = 4347
def spliteach(x, n):
ocean1 / dump_vdso.c
Created May 18, 2015 11:04
dump vdso
#include <stdio.h>
#include <string.h>
int
main()
{
FILE *maps;
void *vdso_begin, *vdso_end;
maps = fopen("/proc/self/maps", "r");
# patching the vulnerable binary just requires reducing the size of the read to 0x200 :)
from pwn import *
context(arch='i386', os='linux', log_level="info")
DEBUG = False
HOST = "cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me"
PORT = 4347

Keybase proof

I hereby claim:

  • I am ocean1 on github.
  • I am oce4n (https://keybase.io/oce4n) on keybase.
  • I have a public key whose fingerprint is AD2F 69FC 908C 05C4 EE1C A1F7 5B7C EDEB A937 0413

To claim this, I am signing this object:

ocean1 / brightness.py
Created October 1, 2015 20:52 — forked from rbrito/brightness.py
Script to control monitor brightness
#!/usr/bin/env python
"""
Python script to essentially perform the same as:
gdbus call \
--session \
--dest org.gnome.SettingsDaemon \
--object-path /org/gnome/SettingsDaemon/Power \
--method org.gnome.SettingsDaemon.Power.Screen.SetPercentage 75