It has been a long time since I finish(nearly) these problems...
In linux, 0 is std_input, 1 is std_output, 2 is std_error_output.
We just need to send LETMEWIN to std_input and set fd to 0 which means (our input - 0x1234) == 0.
thinkycx
/ README.MD
Created
February 6, 2017 16:10
— forked from ihciah/README.MD
Pwnable.kr Toddler's Bottle writeup
thinkycx
/ helllo world
Created
February 16, 2017 13:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| helllo world |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| # encoding:utf-8 | |
| import urllib2 | |
| import sys | |
| from poster.encode import multipart_encode | |
| from poster.streaminghttp import register_openers | |
| def poc(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/superkojiman/vulnerabilities/blob/master/Easy-File-Sharing-Web-Server-6.8/exploit.py | |
| # https://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/ | |
| # edited by thinkycx 20160309 | |
| # Exploit Title: Easy File Sharing Web Server 6.8 stack buffer overflow | |
| # Date: 10 May 2014 | |
| # Exploit Author: superkojiman - http://www.techorganic.com | |
| # Vendor Homepage: http://www.efssoft.com | |
| # Software Link: http://www.sharing-file.com/efssetup.exe | |
| # Version: 6.8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # get password saved in chrome | |
| # pip install pypiwin32 | |
| # @lijiejie https://github.com/lijiejie/chromePass/blob/master/chromePass.py | |
| import os, sys | |
| import shutil | |
| import sqlite3 | |
| import win32crypt | |
| outFile_path = os.path.join(os.path.dirname(sys.executable), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import SimpleHTTPServer | |
| import SocketServer | |
| import socket | |
| hostname = socket.gethostname() | |
| ip = socket.gethostbyname(hostname) | |
| ipList = socket.gethostbyname_ex(hostname) | |
| PORT = 8001 |
thinkycx
/ Kali 2017.1 x64, Docker-ce Install script
Created
December 14, 2017 14:30
— forked from nikallass/Kali 2017.1 x64, Docker-ce Install script
Kali 2017.1 x64, Docker-ce Install script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # update apt-get | |
| export DEBIAN_FRONTEND="noninteractive" | |
| sudo apt-get update | |
| # remove previously installed Docker | |
| sudo apt-get remove docker docker-engine docker.io* lxc-docker* | |
| # install dependencies 4 cert |
thinkycx
/ janus.py
Created
December 22, 2017 09:00
https://github.com/V-E-O/PoC/blob/master/CVE-2017-13156/janus.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import struct | |
| import hashlib | |
| from zlib import adler32 | |
| def update_checksum(data): | |
| m = hashlib.sha1() | |
| m.update(data[32:]) |
thinkycx
/ spectre.c
Created
January 5, 2018 04:08
— forked from ErikAugust/spectre.c
Spectre example code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # author: thinkycx | |
| # sudo ln -s ~/bupt-gateway.sh /usr/bin/bupt-gateway && source ~/.zshrc | |
| user=XXX | |
| password=XXX | |
| URL="http://10.3.8.211" | |
| HTTP_CODE=$(curl -s -IL $URL | head -n 1 | grep -o 200) | |
| CODE=200 | |
| if [ $HTTP_CODE -eq 200 ];then | |
| echo "Welcome to bupt!" |
OlderNewer