Mathy Vanhoef vanhoefm
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| paramSmsManager.sendDataMessage( | |
| (String)localObject1, // Destination address: Phone number entered by the user | |
| null, // Source address: null means the current default SMSC is used | |
| A, // Destination port: Random number between 16000 and 16099 | |
| paramString.getBytes(), // Data: "WhatsApp <code> WhatsApp internal use - safe to discard" | |
| (PendingIntent)localObject2, // Sent Intent: Not important for this discussion | |
| null // Delivery Intent: Not important for this discussion | |
| ); |
vanhoefm
/ password.c
Created
June 11, 2012 11:15
Security vulnerability in MySQL/MariaDB sql/password.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef char my_bool; | |
| /* | |
| Check that scrambled message corresponds to the password; the function | |
| is used by server to check that recieved reply is authentic. | |
| RETURN VALUE | |
| 0 password is correct | |
| !0 password is invalid | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Wireshark LUA script to handle Gamespy Packets | |
| trivial_proto = Proto("gamespy","Gamespy Protocol") | |
| -- XOR Cipher: | |
| local tab = { -- tab[i][j] = xor(i-1, j-1) | |
| {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, }, | |
| {1, 0, 3, 2, 5, 4, 7, 6, 9, 8, 11, 10, 13, 12, 15, 14, }, | |
| {2, 3, 0, 1, 6, 7, 4, 5, 10, 11, 8, 9, 14, 15, 12, 13, }, | |
| {3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12, }, | |
| {4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11, }, | |
| {5, 4, 7, 6, 1, 0, 3, 2, 13, 12, 15, 14, 9, 8, 11, 10, }, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| int main(int argc, char *argv[], char *envp[]) | |
| { | |
| int esp; | |
| printf("env: %p\narg: %p\nesp: %p\n", envp, argv, &esp); | |
| while (*envp != NULL) { | |
| printf("%s\n", *envp); | |
| ++envp; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define SHELL_PATH "/bin/sh" /* Path of the shell. */ | |
| #define SHELL_NAME "sh" /* Name to give it. */ | |
| static int do_system(const char *line) | |
| { | |
| if (fork() == 0) { | |
| const char *new_argv[4]; | |
| new_argv[0] = SHELL_NAME; | |
| new_argv[1] = "-c"; | |
| new_argv[2] = line; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int main() | |
| { | |
| running_setuid = uidget(); | |
| ... | |
| if (running_setuid && privileged_mode == 0) | |
| disable_priv_mode(); | |
| ... | |
| // start interactive shell or execute command | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct malloc_chunk { | |
| INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */ | |
| INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */ | |
| struct malloc_chunk* fd; /* double links -- used only if free. */ | |
| struct malloc_chunk* bk; | |
| /* Only used for large blocks: pointer to next larger size. */ | |
| struct malloc_chunk* fd_nextsize; /* double links -- used only if free. */ | |
| struct malloc_chunk* bk_nextsize; |
vanhoefm
/ heapsploit1.c
Last active
December 11, 2015 00:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| int main(int argc, char *argv[]) | |
| { | |
| char *buf1 = malloc(128); | |
| char *buf2 = malloc(256); | |
| read(fileno(stdin), buf1, 200); |
vanhoefm
/ heaplayout1.c
Created
January 19, 2013 23:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| int main(int argc, char *argv[]) | |
| { | |
| char *buf1 = malloc(256); | |
| char *buf2 = malloc(512); | |
| char *buf3 = malloc(1024); | |
| char *top, *aftertop; |
vanhoefm
/ malloc\malloc.c
Last active
December 11, 2015 08:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Take a chunk off a bin list */ | |
| void unlink(malloc_chunk *P, malloc_chunk *BK, malloc_chunk *FD) | |
| { | |
| FD = P->fd; | |
| BK = P->bk; | |
| FD->bk = BK; | |
| BK->fd = FD; | |
| } |
OlderNewer