<Xelenonz> xellos: P'A, are you free? I'd like to ask about ms14-64.
* Longcat (Longcat@2600TH-member-ltv.hi1.9i01iu.IP) has joined
* ChanServ gives channel operator status to Longcat
<xellos> The question is?
<Xelenonz> https://docs.google.com/a/e-cq.net/document/d/1SQsnKdLDOBQdbhJmIQ167WZhFLOaz3b2uTlkHNKtNSg/edit?pli=1 I've been following the code in here.
<Xelenonz> Is it an integer bug that causes type confusion, I wonder?
<Xelenonz> - -" Not sure whether I understand it correctly.
<xellos> Integer overflow, yes, that's right.
<xellos> But the type confusion is just the exploitation method.
<xellos> The coverity blog already explains the whole problem.
<Sumedt> I'd like to ask about MS14-064.
<Sumedt> If we allocate memory like in http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
<Sumedt> where aa is adjacent to ab.
<Sumedt> Am I right that if we enlarge aa with a very large number, SAFEARRAYREDIM works normally up to the allocation, where it finds that it cannot allocate because the value is greater than 0x8000000,
<Sumedt> that is, the program keeps the size of the memory we use the same because it cannot allocate memory, yet we end up with larger array bounds, which lets us access the area of aa
<Sumedt> that has grown, and that extra area overlaps the area of ab, so aa can access the area of ab.
* LongCatBot (uid24583@2600TH-member-97g.i0u.epq510.IP) has joined
<xellos> redim does not work normally.
<xellos> Growing the element count in the array by 0x8000000 gives a size of 0x80000000.
<xellos> At first it is unsigned, so that part is correct.
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 cgroup_enable=memory elevator=deadline rootwait
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
update_config=1
network={
mode=0
priority=1
scan_ssid=1
proto=WPA2
#!/bin/bash
# Slightly modified version from https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
# Run with sudo ./openvpn-install.sh and not sudo sh ./openvpn-install.sh as read command has issues with external triggering of scripts
# OpenVPN road warrior installer for Debian, Ubuntu and CentOS
# This script will work on Debian, Ubuntu, CentOS and probably other distros
# of the same families, although no support is offered for them. It isn't
# bulletproof but it will probably work if you simply want to set up a VPN on
# your Debian/Ubuntu/CentOS box. It has been designed to be as unobtrusive and
# universal as possible.
@@ -55,7 +55,21 @@ | |
After login, make `client` and `client_in` instance | |
to communicate with LINE server | |
""" | |
- raise Exception("Code is removed because of the request of LINE corporation") | |
+ | |
+ self.transport = THttpClient.THttpClient(self.LINE_HTTP_URL) | |
+ self.transport_in = THttpClient.THttpClient(self.LINE_HTTP_IN_URL) | |
+ | |
+ self.transport.setCustomHeaders(self._headers) |
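Review bot: the two `+` lines that build `self.transport` and `self.transport_in` take `self.LINE_HTTP_URL` and `self.LINE_HTTP_IN_URL` as they are, and `setCustomHeaders(self._headers)` follows immediately. Since the docstring places this after login, check that both URLs are https before the headers are attached, so that whatever session data `self._headers` holds is never sent over plain HTTP. The visible lines also set headers only on `self.transport`; if `self.transport_in` needs the same headers, that call should sit next to this one (the rest of the hunk is cut off here, so it may already be there).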
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 1.1 Copyright (C) Paul Johnston 1999 - 2002.
* Code also contributed by Greg Holt
* See http://pajhome.org.uk/site/legal.html for details.
*/
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
#!/bin/sh
# Converts a mysqldump file into a Sqlite 3 compatible file. It also extracts the MySQL `KEY xxxxx` from the
# CREATE block and creates them in separate commands _after_ all the INSERTs.
# Awk is chosen because it's fast and portable. You can use gawk, original awk or even the lightning fast mawk.
# The mysqldump file is traversed only once.
# Usage: $ ./mysql2sqlite mysqldump-opts db-name | sqlite3 database.sqlite
# Example: $ ./mysql2sqlite --no-data -u root -pMySecretPassWord myDbase | sqlite3 database.sqlite
#!/usr/bin/python
import time
import Adafruit_CharLCD as LCD
lcd_columns = 16
lcd = LCD.Adafruit_CharLCDPlate()
lcd.set_backlight(0)
function Invoke-UACBypass {
<#
.SYNOPSIS
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None