git log @~1..@^2
git tag --contain
tehmoon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "flag" | |
| "fmt" | |
| "os" | |
| ) | |
| type Flags struct { | |
| } |
This is specific to Alpine using the go apk.
Compiling go binaries in same arch:
go build -buildmode exe -ldflags '-linkmode external -extldflags "-static"' .
Compiling go binaries in other arch:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "io" | |
| "os" | |
| "net/http" | |
| "net/http/httputil" | |
| "net" | |
| "golang.org/x/crypto/ssh/terminal" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "net/http" | |
| "fmt" | |
| "io" | |
| "os" | |
| "log" | |
| "crypto/x509" | |
| "crypto/x509/pkix" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "os" | |
| "os/exec" | |
| "io" | |
| "strings" | |
| "github.com/kr/pty" | |
| ) |
Format0 introduces format string vulnerabilities.
The vuln relies on the fact that user input is not sanitized and can be used as format string fed into the printf family.
In this example sprintf() is used. It takes at least 2 arguments, the destination's string and the source's string.
The idea is to do a classic buffer overflow and write 0xdeadbeef to target.
Here's the following exploit:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "io" | |
| "syscall" | |
| "os" | |
| "errors" | |
| ) | |
| func main() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export WORDCHARS='*?_[]~=&;!#$%^(){}' | |
| setopt HIST_IGNORE_SPACE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "os" | |
| "text/template" | |
| ) | |
| var data = map[string]interface{}{ | |
| "blih": true, |