Eduardo' Vela" <Nava> (sirdarckcat)

get vmlinux path from then run then use r2 to generate a global callgraph

grep ' \[label="' | sort -u | sed 's/ URL=.*//g' | sed 's/ .label=/,/g' > ../symbols.csv
grep ' -> ' | grep -v 'sym.__' | sed 's/ .color.*//g' | sed 's/ -> /,/g' > callgraph.csv
reptar.elf: reptar.elf.asm
	nasm -f bin reptar.elf.asm -o reptar.elf
	chmod +x reptar.elf
sirdarckcat / Makefile
Last active November 19, 2023 22:41
reptar smaller poc
rexit: rexit.o
	ld $^ -o $@
rexit.o: rexit.asm
	nasm -f elf64 $^ -o $@
rm -rf rexit.o rexit
select * from (
fixes_tags.tags `fixes_tags`,
fixed_tags.tags `fixed_tags`
from (
sirdarckcat /
Created March 12, 2021 17:04
PoC of ProxyLogon chain SSRF (CVE-2021-26855) to write file
import requests
from urllib3.exceptions import InsecureRequestWarning
import random
import string
import sys

def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
    # random lowercase alphanumeric string of the requested length
    return ''.join(random.choice(chars) for _ in range(size))

Keybase proof

I hereby claim:

  • I am sirdarckcat on github.
  • I am sirdarckcat on keybase.
  • I have a public key ASDI4N0BHgeTf4c7SqQxkNozR3Vh4z-dEdjXqNwXO1n6Xgo

To claim this, I am signing this object:

sirdarckcat / Dockerfile
Created June 5, 2020 14:52
intent-intercept build dockerfile
FROM ubuntu:20.04
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget git unzip openjdk-8-jdk google-android-platform-24-installer google-android-build-tools-24-installer android-sdk
RUN cd /usr/lib/android-sdk/build-tools && wget 2>/dev/null && unzip && ls
RUN git clone
RUN cd /usr/lib/android-sdk && mkdir cmdline-tools && cd cmdline-tools && wget 2>/dev/null && unzip && ls -la
RUN yes | /usr/lib/android-sdk/cmdline-tools/tools/bin/sdkmanager --licenses
RUN update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
RUN cd intent-intercept && export ANDROID_HOME=/usr/lib/android-sdk && ./gradlew assembleDebug
sirdarckcat /
Last active June 22, 2019 22:23
download all CTF tasks

wget && chmod +x
mkdir -p google-ctf-2019
DATABASE_URL= ./ google-ctf-2019/ctf
DATABASE_URL= ./ google-ctf-2019/bq
sirdarckcat /
Last active March 25, 2018 16:34
XS-Search Exploit for Secure Messaging Service

Exploit used during Insomni'hack 2018 for team int3pids.

sirdarckcat /
Last active March 26, 2018 22:25
/sbin/dhclient Ubuntu AppArmor profile bypass

This document explains how to bypass the /sbin/dhclient AppArmor profile installed in Ubuntu by installing a kernel module. This is a simple task, but I didn't know how to do it before today. Hopefully you find this useful.

Tested on Ubuntu 17.10.1 using the isc-dhcp 4.3.5-3ubuntu2.2 package.

In this advisory, Ubuntu says that the vulnerability