Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
Nicolas Grekas - nicolas.grekas, gmail.com
17 June 2011 - Last updated on 3 sept. 2011
Not updated any more on this gist. See:
The following Lua program generates a Lua bytecode program called ignore-unsigned-sga.fnt
, which in turn loads a DLL from within an extremely locked down Lua 5.1 sandbox in a program called RelicCOH2.exe. The remainder of this document attempts to explain how this program works by a whirlwind tour of relevent bits of the Lua 5.1 virtual machine.
if string.dump(function()end):sub(1, 12) ~= "\27Lua\81\0\1\4\4\4\8\0" then
error("This generator requires a 32-bit version of Lua 5.1")
end
local function outer()
local magic -- In bytecode, the stack slot corresponding to this local is changed
#!/usr/bin/env python | |
## Decodes NTLM "Authenticate" HTTP-Header blobs. | |
## Reads the raw blob from stdin; prints out the contained metadata. | |
## Supports (auto-detects) Type 1, Type 2, and Type 3 messages. | |
## Based on the excellent protocol description from: | |
## <http://davenport.sourceforge.net/ntlm.html> | |
## with additional detail subsequently added from the official protocol spec: | |
## <http://msdn.microsoft.com/en-us/library/cc236621.aspx> | |
## |
#!/usr/bin/sudo sh | |
## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+. | |
## From `strings ruby_concealer.so`: | |
## | |
## > This obfuscation is intended to discourage GitHub Enterprise customers | |
## > from making modifications to the VM. | |
## | |
## Well, good, as long as its not intended to discourage *me* from doing this! |
#To Decrypt Jenkins Password from credentials.xml | |
#<username>jenkins</username> | |
#<passphrase>your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J</passphrase> | |
#go to the jenkins url | |
http://jenkins-host/script | |
#In the console paste the script | |
hashed_pw='your-sercret-hash-S0SKVKUuFfUfrY3UhhUC3J' |
cve | product | bounty | source | |
---|---|---|---|---|
CVE-2014-0257 | .NET Framework | 5,000.00 | https://hackerone.com/reports/18851 | |
CVE-2015-3842 | Android | 2,000.00 | https://code.google.com/p/android/issues/detail?id=177610 | |
CVE-2015-3847 | Android | 1,500.00 | https://code.google.com/p/android/issues/detail?id=179147 | |
CVE-2015-3860 | Android | 500.00 | https://code.google.com/p/android/issues/detail?id=178139 | |
CVE-2015-3862 | Android | 333.00 | https://code.google.com/p/android/issues/detail?id=181895 | |
CVE-2015-3865 | Android | 1,500.00 | https://code.google.com/p/android/issues/detail?id=182294 | |
CVE-2015-3867 | Android | 4,000.00 | https://code.google.com/p/android/issues/detail?id=182838 | |
CVE-2015-3868 | Android | 4,000.00 | https://code.google.com/p/android/issues/detail?id=182146 | |
CVE-2015-3869 | Android | 3,000.00 | https://code.google.com/p/android/issues/detail?id=182053 |
query IntrospectionQuery { | |
__schema { | |
queryType { name } | |
mutationType { name } | |
subscriptionType { name } | |
types { | |
...FullType | |
} | |
directives { |
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
/* | |
* (un)comment correct payload first (x86 or x64)! | |
* | |
* $ gcc cowroot.c -o cowroot -pthread | |
* $ ./cowroot | |
* DirtyCow root privilege escalation | |
* Backing up /usr/bin/passwd.. to /tmp/bak | |
* Size of binary: 57048 | |
* Racing, this may take a while.. | |
* /usr/bin/passwd overwritten |