Paweł Łukasik pawlos

pawlos / index.html
Created Sep 1, 2021 — forked from lbherrera/index.html
Solution for the MessageKeeper challenge from Pwn2Win 2021
<!DOCTYPE html>
<html>
<head>
<title>Pwn2Win | MessageKeeper</title>
</head>
<body>
<script>
let alphabet = "0123456789abcdef";
const sleep = (ms) => {
pawlos / solve.py
Created Apr 10, 2021
MidnightSun 2021 murmur solution script
# 64-bit multiplier that mangle() below folds into its running value.
# NOTE(review): this value equals the multiplier constant of MurmurHash64A;
# confirm against the binary before relying on that.
const = 0xc6a4a7935bd1e995
# Simplified mangle algorithm from the binary.
def mangle(a, i):
b = 1
c = 0x1337
temp = c ^ (b * const)
View gist:9e94a863d089c0d6687d48d0e43cb9e5
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# This exploit template was generated via:
# $ pwn template --host crypto.2021.chall.actf.co --port 21603
from pwn import *
# Set up pwntools for the correct architecture
exe = context.binary = ELF('./chall')
# Many built-in settings can be controlled on the command-line and show up
pawlos / fix vmwp.bat
Created Feb 16, 2021 — forked from kruxmeier/fix vmwp.bat
enable hardware performance counters in WSL2
REM open cmd.exe as admin to run this
REM Creates a patched vmwp.exe replacing these bytes:
REM 0F B6 43 64 41 89 47 64 0F B6 43 65 41 89 47 68 0F B6 43 66 41 89 47 6C 0F B6 43 67 41 89 47 70
REM 41 C7 47 64 01 00 00 00 41 C7 47 68 01 00 00 00 41 C7 47 6C 01 00 00 00 41 C7 47 70 01 00 00 00
REM Enables PMU, LBR, PEBS, IPT
REM NOTE(review): a byte-patched vmwp.exe no longer matches the file Microsoft shipped, so
REM integrity checks or a later Windows update may flag or replace it; keep the untouched original.
REM NOTE(review): cd without /d does not switch drives, so the next line only lands in %TEMP%
REM when %TEMP% is on the current drive.
cd %TEMP%
REM Take a working copy; the file in system32 is not modified by this line.
copy %windir%\system32\vmwp.exe .
pawlos / xrefs.py
Last active Feb 11, 2021
Ghidra script to automate adding XREFs for lost_in_your_eyes from DiceCTF
#script for https://www.youtube.com/watch?v=FvH7b_qLmbU
import struct
from ghidra.program.model.symbol import *
# currentProgram and currentAddress are not defined in this file; presumably
# they are the globals Ghidra injects into a running script (confirm).
# Reference manager of that program, used for the cross-references.
xrefs = currentProgram.getReferenceManager()
# Two names bound to the same starting address.
startAddr = currentAddress
currAddr = currentAddress
while True:
pawlos / check.py
Created Nov 25, 2020
Solution to retrozeit from DragonCTF 2020
# 39 byte values; presumably lifted from the challenge binary (confirm).
interesting_data = [0x8b,0x84,0x9a,0x9b,0x9a,0xb1,0xd6,0xaf,0x93,0xb2,0x81,0x8c,0x84,0xab,0x9d,0x9c,0x8e,0xb9,0xb0,0xd9,0xa8,0xa4,0x9c,0x81,0x85,0xa0,0xa6,0xb4,0x87,0x9a,0xbb,0x92,0x96,0xad,0x8c,0xd7,0xb0,0x8d,0x97]
# 39 entries forming a permutation of 0..38; the loop below searches it with shuffle.index(m).
shuffle = [0x16,0x0c,0x24,0x17,0x13,0x19,0x07,0x09,0x0e,0x23,0x05,0x01,0x18,0x21,0x0d,0x10,0x12,0x1f,0x1a,0x1e,0x22,0x00,0x0f,0x0b,0x08,0x15,0x11,0x02,0x1d,0x1c,0x26,0x03,0x04,0x25,0x14,0x20,0x06,0x1b,0x0a]
# 0x27 == 39, so for the list above this slice keeps every element.
interesting_data = interesting_data[:0x27]
# Highest value present in shuffle; the first one the loop looks up.
m = 38
j = 0
for k in range(len(interesting_data)//2):
i = shuffle.index(m)
uVar1 = shuffle[i]
uVar2 = interesting_data[i]
View solve3.py
This file has been truncated, but you can view the full file.
View solve2.py
F_L = "9655B040B64667238524D15D6201.B95D4E01C55CC562C7557405A532D768C55FA12DD074DC697A06E172992CAF3F8A5C7306B7476B38.C555AC40A7469C234424.853FA85C470699477D3851249A4B9C4E.A855AF40B84695239D24895D2101D05CCA62BE5578055232D568C05F902DDC74D2697406D7724C2CA83FCF5C2606B547A73898246B4BC14E941F9121D464D263B947EB77D36E7F1B8254.853FA85C470699477D3851249A4B9C4E.9A55B240B84692239624.CC55A940B44690238B24CA5D7501CF5C9C62B15561056032C468D15F9C2DE374DD696206B572752C8C3FB25C3806.A8558540924668236724B15D2101AA5CC362C2556A055232AE68B15F7C2DC17489695D06DB729A2C723F8E5C65069747AA389324AE4BB34E921F9421.CB55A240B5469B23.AC559340A94695238D24CD5D75018A5CB062BA557905A932D768D15F982D.D074B6696F06D5729E2CAE3FCF5C7506AD47AC388024C14B7C4E8F1F8F21CB64"
# Split the dot-separated blob into a list of fields, each a run of hex digits.
onzo = F_L.split(".")
# NOTE(review): onzo is a list here, so the Python form of the call below would
# be rigmarole(onzo[7]); the notation looks carried over from another language.
#rigmarole(onzo(7))
def rigmarole(es):
furphy = ""
c = 0
s = ""
View solv.py
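# Read the whole spreadsheet as raw bytes. The context manager closes the file
# handle as soon as the read finishes instead of leaving it to the garbage
# collector.
with open('report2.xls', 'rb') as report_file:
    d = report_file.read()
# Starts at -1; NOTE(review): how this value is used is not visible here.
data_chunk = -1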
start_address = [0xace1,
0xcc88,
0xecac,
0x10cd0,
pawlos / solve.py
Created Nov 3, 2020
Solution to Flare-on 2020's challenge no 2 - garbage
def decrypt(text, alphabet):
l = 0x66
cnt = len(text)
i = 0
res = []
while i < cnt:
res.append(chr(text[i] ^ ord(alphabet[i%l])))
i += 1