Paweł Łukasik pawlos

🐛
View GitHub Profile
@pawlos
pawlos / solve.py
Created November 2, 2020 19:58
Solution for Flare-2020 fidler's challenge
def decode_flag(frob):
    """Strip the per-index offset from each encoded value and XOR it with a key.

    For position ``i`` the offset is ``(i % 2) * 1 + (i % 3) * 2``; it is
    subtracted from the encoded integer and the result is XORed with
    ``last_value``, which starts out as ``frob``.

    NOTE(review): the listing is cut off after the append. The visible lines
    never reassign ``last_value`` and never return ``decoded_flag``, so as
    shown the function returns None.
    """
    encoded_flag = [1135, 1038, 1126, 1028, 1117, 1071, 1094, 1077, 1121, 1087, 1110, 1092, 1072, 1095, 1090, 1027,
                    1127, 1040, 1137, 1030, 1127, 1099, 1062, 1101, 1123, 1027, 1136, 1054]
    last_value = frob
    decoded_flag = []
    for i, c in enumerate(encoded_flag):
        # Offset cycles with period 6 because it mixes i % 2 and i % 3.
        offset = (i % 2) * 1 + (i % 3) * 2
        decoded_flag.append((c - offset) ^ last_value)
#armageddon
from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
from ghidra.program.model.symbol import RefType
# Formatter for rendering code units: block name and namespace are always
# shown, the third argument is an empty string, and all seven boolean
# switches are enabled (see the CodeUnitFormatOptions constructor for order).
codeUnitFormat = CodeUnitFormat(
    CodeUnitFormatOptions(
        CodeUnitFormatOptions.ShowBlockName.ALWAYS,
        CodeUnitFormatOptions.ShowNamespace.ALWAYS,
        "",
        True, True, True, True, True, True, True
    )
)

# '<start address>' is a placeholder; replace it with the address to start at.
# toAddr and currentProgram are supplied by the Ghidra script environment.
addr = toAddr('<start address>')
instruction = currentProgram.getListing().getInstructionAt(addr)

# NOTE(review): presumably a step counter and its cap for the loop that
# follows; the loop body is not part of this listing, so confirm there.
limiter = 0
limit = 50
while True:
#exceptional
from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
from ghidra.program.model.symbol import RefType
# Formatter for rendering code units: block name and namespace are always
# shown, the third argument is an empty string, and all seven boolean
# switches are enabled (see the CodeUnitFormatOptions constructor for order).
codeUnitFormat = CodeUnitFormat(
    CodeUnitFormatOptions(
        CodeUnitFormatOptions.ShowBlockName.ALWAYS,
        CodeUnitFormatOptions.ShowNamespace.ALWAYS,
        "",
        True, True, True, True, True, True, True
    )
)

# '<start_address>' is a placeholder; replace it with the address to start at.
# toAddr and currentProgram are supplied by the Ghidra script environment.
addr = toAddr('<start_address>')
instruction = currentProgram.getListing().getInstructionAt(addr)

# NOTE(review): presumably a step counter for the loop that follows; only the
# first line of that loop is visible in this listing.
limiter = 0
while True:
t = instruction.getFlowType()
File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 61, in _exec__mT                                                                            
    output = callback(*args, **kwargs)                                            
  File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 679, in serializableType                                                               
    serializable["alignof"] = ctype.alignof                                        
AttributeError: 'gdb.Type' object has no attribute 'alignof'                          
Traceback (most recent call last):                                                                                                                                        
  File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 349, in getState                                                                             
    variable["type"]["terminal"] = serializableType(terminalType)                              
(gdb) [GDBFrontend] ('127.0.0.1', 36958) is connected.                                                                                                                      
(gdb) file ./write4                                                                                                                                                 
Reading symbols from ./write4...(no debugging symbols found)...done.                                                                                                  
[GDBFrontend] gdb_on_clear_objfiles()                                                                                                                                       
[GDBFrontend] gdb_on_new_objfile()                                                                                                                                          
(gdb) break main                                                                                                                                                            
pawlos / VCXSrv.0
Created June 13, 2020 15:43 — forked from stowler/VCXSrv.0
# It looks like -multiwindow mode triggers the static color visual in both the internal x2go xserver and the external vcxsrv
# But it also looks like -multiwindow mode is how x2go client allows resizing of the remote desktop
# ...so I'm looking for a way to allow resizing of remote desktop w/out triggering static color visual.
#
# ...output of vcxsrv.exe's usage note:
Usage...
Vcxsrv [:<display>] [option]
:display-number
from pwn import *
# Choose the terminal before attaching: gdb.attach() opens the debugger in a
# new window launched through context.terminal (here the WSL terminal wrapper).
context.terminal = ['/c/tools/wsl-terminal/open-wsl.exe','-e']

# Start the local target binary under pwntools' control.
target = process('./ret2win32')

# Attach gdb to the running process, then hand stdin/stdout to the user.
gdb.attach(target)
target.interactive()
from pwn import *
# Start the local target binary under pwntools' control.
target = process('./ret2win32')

# No context.terminal is set in this variant, so gdb.attach() depends on
# pwntools locating a usable terminal by itself.
# NOTE(review): that lookup can fail on setups without a detectable terminal.
gdb.attach(target)

# Hand stdin/stdout of the process to the user.
target.interactive()
=================================================================
==25766==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 445 byte(s) in 42 object(s) allocated from:
#0 0x7f2919d48538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538)
#1 0x7f29194fcb68 in r_str_new /home/ubuntu/radare2/libr/util/str.c:686
#2 0x7f2911d7aeda in __init_almighty_db /home/ubuntu/radare2/libr/core/panels.c:5261
#3 0x7f2911d7b157 in __init_all_dbs /home/ubuntu/radare2/libr/core/panels.c:5278
#4 0x7f2911d899d1 in __init_new_panels_root /home/ubuntu/radare2/libr/core/panels.c:6416
#5 0x7f2911d88d12 in r_core_visual_panels_root /home/ubuntu/radare2/libr/core/panels.c:6350
pawlos / solv.py
Last active April 18, 2020 20:09
Solution for TAMUCtf's leaning_tower!
hashes = ["9033bacfd0636139084ea80aa654113f3240f7fc",
"97f0f871be356f464bca862487e365d92fc507bb",
"11071c464490c8baaa979bf83e098f3318b36003",
"45fa0b57640f797ad28709cf7f3b495d61514418",
"2540407ace41adaaa279c9a9f8d900bd87a8aa5d",
"f4c50cd4475f6a1833180506817b4bbd45dc17f7",
"f0e8c88568fcb989f60f09f52b1aad1b7d2454b5",
"744dde01735bc3d2b047d7d9fbc5662b97628f01",
"2cab6da567fa23426f81d54326ca537e5bd89d7e",
"7f0bc15fb2695af18fd1e6c8df386f824cf67af9",