
Lin, Yong Xiang r888800009
@loknop
loknop / writeup.md
Created Dec 30, 2021
Solving "includer's revenge" from hxp ctf 2021 without controlling any files
View writeup.md

Solving "includer's revenge" from hxp ctf 2021 without controlling any files

The challenge

The challenge was to achieve RCE with this file:

<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');

Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).

I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.

View gist:cb4b6e9551457aa299066076b836a2cd
[Vulnerability Type Other]
CWE-697: Incorrect Comparison
[Vendor of Product]
unicorn-engine
[Affected Product Code Base]
unicorn engine - <=2.0.0
[Affected Component]
View peParser.cpp
#include <windows.h>
#include <iostream>
bool readBinFile(const char fileName[], char*& bufPtr, DWORD& length) {
    if (FILE* fp = fopen(fileName, "rb")) {
        fseek(fp, 0, SEEK_END);
        length = ftell(fp);
        bufPtr = new char[length + 1];
        fseek(fp, 0, SEEK_SET);
        fread(bufPtr, sizeof(char), length, fp);
View elf_format_cheatsheet.md

ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.

ELF

Compilation

@kaftejiman
kaftejiman / ret2csu.md
Last active Aug 10, 2022
ret2csu exploitation technique ROP pwn
View ret2csu.md

ret2csu

I wanted to make a clean and simple explanation of the ret2csu exploitation technique, as I didn't get it easily with the resources I found on Google. As far as my understanding goes. You should take it with a grain of salt.

Tests carried out on an AMD64 Linux Ubuntu.

Table of Contents

@niw
niw / README.en.md
Last active Aug 8, 2022
How to run Windows 10 on ARM or Ubuntu for ARM64 in QEMU on Apple Silicon Mac
View README.en.md

How to run Windows 10 on ARM or Ubuntu for ARM64 in QEMU on Apple Silicon Mac

Here are easy steps to try Windows 10 on ARM or Ubuntu for ARM64 on your Apple Silicon Mac. Enjoy!

NOTE: this is the current state as of 10/1/2021.

Running Windows 10 on ARM

  1. Install Xcode from App Store or install Command Line Tools on your Mac
@experimatt
experimatt / iterm-colors-to-vscode.js
Last active May 18, 2022
A simple script to use your iTerm color profile in vscode's built-in terminal.
View iterm-colors-to-vscode.js
// This script takes an iTerm Color Profile as an argument and translates it for use with Visual Studio Code's built-in terminal.
//
// usage: `node iterm-colors-to-vscode.js [path-to-iterm-profile.json]`
//
// To export an iTerm Color Profile:
// 1) Open iTerm
// 2) Go to Preferences -> Profiles -> Colors
// 3) Other Actions -> Save Profile as JSON
//
// To generate the applicable color settings and use them in VS Code:
@2xAA
2xAA / iterm-colors-to-vscode.js
Last active Apr 14, 2022
Convert iTerm2 "itermcolors" file to VSCode terminal color scheme
View iterm-colors-to-vscode.js
/* Generate colors using https://github.com/andreyvit/plist-to-json */
const col = [] // run your .itermcolors file through the above parser and replace the array with the output
function componentToHex(c) {
  const hex = c.toString(16)
  return hex.length === 1 ? `0${hex}` : hex
}
const mapping = {
  'terminal.background':'Background Color',
@Barneybook
Barneybook / Telegram_it_group_list.md
Last active Jul 8, 2022
Telegram IT-related group list
View Telegram_it_group_list.md