packz

## README.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                packz
                / README.md
            
            
              Last active
              August 29, 2015 14:03
            
              
                Exploit exercises
              
          
    http://exploit-exercises.com/
Nebula

Level 07


http://www.cs.tut.fi/~jkorpela/perl/cgi.html
http://novosial.org/perl/backticks/index.html
http://stackoverflow.com/questions/4945876/how-can-i-debug-a-perl-script


## 80-freepto-backup.rules
ACTION=="add", SUBSYSTEM=="block", ATTRS{idVendor}=="xxxx", ATTRS{idProduct}=="xxxx", ENV{UDISKS_AUTO}="0", OWNER="packz", SYMLINK+="freepto%n", RUN+="/sbin/freepto.sh %k %n"

## bug.c
/*
 * This program shows the typical programming error
 * to handle wrong the signess of a variable.
 *
 * When the variable increases and reaches its maximum
 * value it overflows and became negative.
 *
 *  $ gcc -Wall bug.c -o bug
 *  $ ./bug | head
 *   * sizeof: 2 -> max value: 65536

## find_cpio.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
//http://people.freebsd.org/~kientzle/libarchive/man/cpio.5.txt
struct cpio_newc_header {
    char    c_magic[6];// "070701"
    char    c_ino[8];  //
    char    c_mode[8];

## 000.mkd

      
              3 files
            
          
              2 forks
            
          
              0 comments
            
          
              4 stars
            
          
                packz
                / 000.mkd
            
            
              Created
              November 15, 2012 09:06
            
              
                Static cryptsetup
              
          
    I suppose you use Debian-like systems
$ mkdir rootdir && cd rootdir && export ROOTDIR=$PWD

$ apt-get source libdevmapper1.02.1
$ apt-get source cryptsetup


## gist:3825835

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                packz
                / gist:3825835
            
            
              Last active
              October 11, 2015 07:47
            
              
                CRYPTO
              
          
RSA and padding oracle attack with very good examples another
Cryptographic doom principle
Static IV is bad
http://crypto.stackexchange.com/
http://blog.cryptographyengineering.com/2012/10/the-crypto-dream.html
http://sourceforge.net/projects/evercrack/
http://www.snikt.net/blog/2012/12/02/howto-encrypt-harddrive/
Homographic cryptography
https://factorable.net/
Real World Crypto 2013


## firmware.py
"""
Extract information about some TV firmware

http://neophob.com/2010/01/root-my-tv-hack-philips-pfl9703/

$ python firm.py firmware.upd

magic1:      2SWU
magic2:      3TXV
header size: 760

## pbkdf2.c
//http://www.ict.griffith.edu.au/anthony/software/pbkdf2.c
/*
** SYNOPSIS
**   echo "passphrase" | pbkdf2 salt_hex count > 48_byte_hex_key_and_iv
**
** DESCRIPTION
**
** Make the "Password-Based Key Derivation Function v2" function found in
** the openssl library available to the command line, as it is not available
** for use from the "openssl" command.  At the time of writing the "openssl"

## mitm.py
from scapy.all import *
import time
import argparse
import os
import sys


def arpPoison(args):
  conf.iface= args.iface
  pkt = ARP()

## assemble.gdb
define assemble
 # dont enter routine again if user hits enter
 dont-repeat
 if ($argc)
  if (*$arg0 = *$arg0)
    # check if we have a valid address by dereferencing it,
    # if we havnt, this will cause the routine to exit.
  end
  printf "Instructions will be written to %#x.\n", $arg0
 else
	/*
	* This program shows the typical programming error
	* to handle wrong the signess of a variable.
	*
	* When the variable increases and reaches its maximum
	* value it overflows and became negative.
	*
	* $ gcc -Wall bug.c -o bug
	* $ ./bug \| head
	* * sizeof: 2 -> max value: 65536
	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>
	#include <fcntl.h>
	#include <string.h>
	//http://people.freebsd.org/~kientzle/libarchive/man/cpio.5.txt
	struct cpio_newc_header {
	char c_magic[6];// "070701"
	char c_ino[8]; //
	char c_mode[8];
	"""
	Extract information about some TV firmware

	http://neophob.com/2010/01/root-my-tv-hack-philips-pfl9703/

	$ python firm.py firmware.upd

	magic1: 2SWU
	magic2: 3TXV
	header size: 760
	//http://www.ict.griffith.edu.au/anthony/software/pbkdf2.c
	/*
	** SYNOPSIS
	** echo "passphrase" \| pbkdf2 salt_hex count > 48_byte_hex_key_and_iv
	**
	** DESCRIPTION
	**
	** Make the "Password-Based Key Derivation Function v2" function found in
	** the openssl library available to the command line, as it is not available
	** for use from the "openssl" command. At the time of writing the "openssl"
	from scapy.all import *
	import time
	import argparse
	import os
	import sys


	def arpPoison(args):
	conf.iface= args.iface
	pkt = ARP()
	define assemble
	# dont enter routine again if user hits enter
	dont-repeat
	if ($argc)
	if ($arg0 = $arg0)
	# check if we have a valid address by dereferencing it,
	# if we havnt, this will cause the routine to exit.
	end
	printf "Instructions will be written to %#x.\n", $arg0
	else