Eduardo' Vela" <Nava> (sirdarckcat)

Get the vmlinux path from https://syzkaller.appspot.com/upstream/manager/ci2-upstream-kcsan-gce, then run https://github.com/torvalds/linux/blob/master/scripts/extract-vmlinux on it, then use r2 (radare2) to generate a global call graph as described in https://reverseengineering.stackexchange.com/questions/16081/how-to-generate-the-call-graph-of-a-binary-file

grep ' \[label="' output.dot | sort -u | sed 's/ URL=.*//g' | sed 's/ .label=/,/g' > ../symbols.csv
grep ' -> ' output.dot | grep -v 'sym.__' | sed 's/ .color.*//g' | sed 's/ -> /,/g' > callgraph.csv
reptar.elf: reptar.elf.asm
	nasm -f bin reptar.elf.asm -o reptar.elf
	chmod +x reptar.elf
@sirdarckcat
sirdarckcat / Makefile
Last active November 19, 2023 22:41
reptar smaller poc
rexit: rexit.o
	ld $^ -o $@
rexit.o: rexit.asm
	nasm -f elf64 $^ -o $@
clean:
	rm -rf rexit.o rexit
select * from (
  select
    syzkaller,
    fixed_commit,
    fixes_commit,
    fixes_tags.tags `fixes_tags`,
    fixed_tags.tags `fixed_tags`
  from (
    select
      syzkaller,
@sirdarckcat
sirdarckcat / PoC_proxyLogon.py
Created March 12, 2021 17:04
PoC of proxylogon chain SSRF(CVE-2021-26855) to write file
import requests
from urllib3.exceptions import InsecureRequestWarning
import random
import string
import sys

def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
    # Build a random lowercase alphanumeric string of the requested length
    return ''.join(random.choice(chars) for _ in range(size))

Keybase proof

I hereby claim:

  • I am sirdarckcat on github.
  • I am sirdarckcat (https://keybase.io/sirdarckcat) on keybase.
  • I have a public key ASDI4N0BHgeTf4c7SqQxkNozR3Vh4z-dEdjXqNwXO1n6Xgo

To claim this, I am signing this object:

@sirdarckcat
sirdarckcat / Dockerfile
Created June 5, 2020 14:52
intent-intercept build dockerfile
FROM ubuntu:20.04
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget git unzip openjdk-8-jdk google-android-platform-24-installer google-android-build-tools-24-installer android-sdk
RUN cd /usr/lib/android-sdk/build-tools && wget https://dl.google.com/android/repository/build-tools_r24.0.1-linux.zip 2>/dev/null && unzip build-tools_r24.0.1-linux.zip && ls
RUN git clone https://github.com/k3b/intent-intercept.git
RUN cd /usr/lib/android-sdk && mkdir cmdline-tools && cd cmdline-tools && wget https://dl.google.com/android/repository/commandlinetools-linux-6514223_latest.zip 2>/dev/null && unzip commandlinetools-linux-6514223_latest.zip && ls -la
RUN yes | /usr/lib/android-sdk/cmdline-tools/tools/bin/sdkmanager --licenses
RUN update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
RUN cd intent-intercept && export ANDROID_HOME=/usr/lib/android-sdk && ./gradlew assembleDebug
@sirdarckcat
sirdarckcat / README.md
Last active June 22, 2019 22:23
gctf.sh download all CTF tasks

gctf.sh

Usage:

wget https://gist.githubusercontent.com/sirdarckcat/087e32982bd77bddbd9c46ccbc72edf7/raw/gctf.sh && chmod +x gctf.sh
mkdir -p google-ctf-2019
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com ./gctf.sh google-ctf-2019/ctf
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com/beginners ./gctf.sh google-ctf-2019/bq
@sirdarckcat
sirdarckcat / 0README.md
Last active March 25, 2018 16:34
XS-Search Exploit for Secure Messaging Service

XS-Search Exploit for Secure Messaging Service

Exploit used during Insomni'hack 2018 for team int3pids.

@sirdarckcat
sirdarckcat / 0README.md
Last active March 26, 2018 22:25
/sbin/dhclient Ubuntu AppArmor profile bypass

/sbin/dhclient Ubuntu AppArmor profile bypass

This document explains how to bypass the /sbin/dhclient AppArmor profile installed in Ubuntu by installing a kernel module. This is a simple task, but I didn't know how to do it before today. Hopefully you find this useful.

Tested on 17.10.1 using the isc-dhcp 4.3.5-3ubuntu2.2 package.

Background

In this advisory, Ubuntu says that the vulnerability