Skip to content

Instantly share code, notes, and snippets.

View theKidOfArcrania's full-sized avatar

Henry Wang theKidOfArcrania

180 followers · 45 following
View GitHub Profile
@theKidOfArcrania
theKidOfArcrania / hack.c
Last active April 28, 2021 05:46
#include <err.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
extern char **environ;
@theKidOfArcrania
theKidOfArcrania / gs_poc_bug.c
Created February 5, 2021 23:02
// gcc -m32 -masm=intel -ffreestanding -nostdlib -static test.c -o test
#ifndef __i386__
#define __i386__
#endif
#include <syscall.h>
#include <stdio.h>
#include <asm/ldt.h>
#include <errno.h>
#include <sys/mman.h>
@theKidOfArcrania
theKidOfArcrania / disasm
Created December 2, 2020 19:25
0000: r0 = 0x217000
0002: SYS_mmap(r0, 0x1, 0x7, 0x22, 0x0, 0x0)
0003: SYS_read(0x0, 0x217000, 0x20)
0004: init_sigstruct()
0024: init_sighand()
0050: r0 = 0x217050
0052: SYS_rt_sigaction(0x1f, r0, 0x0)
0053: SYS_prctl(0x26, 0x1, 0x0, 0x0, PASS)
0054: init_seccomp()
0294: SYS_prctl(0x16, 0x2, 0x217050, PASS, r0)
@theKidOfArcrania
theKidOfArcrania / babyrev.md
Created November 16, 2020 05:14

Here is the reversed scala code:

object Main {
  def f1(nums: Stream[Int], trans: Seq[Seq[Int]]): Stream[Int] = {
    return nums.sum #:: f1(nums.flatMap(trans), trans);
  }

  def main() = {
 val broken = f1(Stream(0), Seq(Seq(0,1,2,3), Seq(0), Seq(0), Seq(0)));
@theKidOfArcrania
theKidOfArcrania / dangling_detector.js
Created April 24, 2020 06:28
const asyncHooks = require('async_hooks');
const active = new Map();
const chained = new Set();
let callingThen = false;
let danglingSet = undefined;
const hook = asyncHooks.createHook({
init: (asyncId, type, trigger, resource) => {
if (type !== 'PROMISE') return;
const err = new Error('Potential dangling promise detected!');
@theKidOfArcrania
theKidOfArcrania / example.vm.c
Last active April 6, 2019 16:46
// Here's an example source code using the VM compiler.
BEGIN_VM
MOVI(R_SP, 0)
MOVI(R_SYS, SYS_LS)
DEBUG()
SYSCALL()
MOVI(R_SYS, SYS_RANDOM)
SYSCALL()
@theKidOfArcrania
theKidOfArcrania / hook.asm
Last active March 19, 2019 18:59
BITS 32
_printf: equ 0x0043C3E0
_WriteProcessMemory: equ 0x0043C400
_base:
hook_WriteProcessMemory:
push ebp
mov ebp, esp
@theKidOfArcrania
theKidOfArcrania / brop.py
Created March 12, 2019 04:58
from pwn import *
import threading, sys, struct
prefix = 'A' * 0x10 + p64(0x7fff262c0500)
crash_probe = 0xffffffff
hang_probe = 0x4009aa
TEST_PASS = 0
@theKidOfArcrania
theKidOfArcrania / brute.py
Created March 12, 2019 04:26
from pwn import *
import threading, sys
context.log_level = 'warning'
def printconn(msg):
p = remote('penguins.cool', 1337)
p.send(msg)
p.shutdown('send')
data = p.recvall()
@theKidOfArcrania
theKidOfArcrania / vmbuild.sh
Last active January 28, 2019 00:05
#/bin/bash
set -eu
cd /tmp
_pushd() {
builtin pushd "$@" > /dev/null
}
alias pushd=_pushd
_popd() {