I love exploiting bugs

Niboucha Redouane red0xff
import sys
from qiling import *
from qiling.const import QL_VERBOSE, QL_INTERCEPT
from qiling.os.mapper import QlFsMappedObject
import struct
import os
def level_1(ql):
    ql.mem.map(0x1000, 0x1000)
    ql.mem.write(0x1337, b"\x39\x05")
red0xff / gesture.rb
Created January 9, 2021 20:41
A simple script that retrieves and cracks the Android lock pattern from a device connected through USB; only works with unencrypted phones
require 'digest/sha1'
require 'colorize'
require 'sqlite3'
require 'io/console'
# Display a pattern as an image
class Array
  def to_pattern
    svg = <<SVG

Writing an exploit for CVE-2017-8835

This is a writeup on writing the Metasploit module auxiliary/gather/peplink_bauth_sqli.rb.

I participated in Google Summer of Code 2020 with Metasploit, and worked on adding a library that would make SQL injection easier to perform in Metasploit modules, while adding support for multiple database-management systems. I provided some Metasploit modules making use of the library. This writeup highlights the steps I took to write a module for a boolean-based blind SQL injection vulnerability.

While browsing recent SQL injection CVEs, I came across CVE-2017-8835. After searching a bit, I found it on exploit-db. Seeing that the DBMS in use is SQLite, this looked like a great candidate for testing

// https://red0xff.blogspot.com/2018/11/ritsec-cictrohash-writeup.html
#include<stdint.h>
#include<stdio.h>
unsigned char state[8] = { 31, 56, 156, 167, 38, 240, 174, 248 };
unsigned char* w[2];
void reset()
{
    for (int i = 0; i < 4; i++)
        w[0][i] = state[i];
red0xff / solution.c
Last active November 1, 2018 14:38
Coding Challenge Solution
#include<stdio.h>
// Modular Exponentiation (https://www.geeksforgeeks.org/modular-exponentiation-power-in-modular-arithmetic/)
unsigned long long mod_exp(unsigned long long x, unsigned long long y, unsigned long long p)
{
    unsigned long long res = 1;
    x = x % p;
    while (y > 0)
    {