takeshixx

#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).

Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""

import sys,struct,socket
from argparse import ArgumentParser

onemouth

/*
 * linux 2.6.37-3.x.x x86_64, ~100 LOC
 * gcc-4.6 -O2 semtex.c && ./a.out
 * 2010 sd@fucksheep.org, salut!
 *
 * update may 2013:
 * seems like centos 2.6.32 backported the perf bug, lol.
 * jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist.
 */

klange

Since this is on Hacker News and reddit...

• No, I don't distribute my résumé like this. A friend of mine made a joke about me being the kind of person who would do this, so I did (the link on that page was added later). My actual résumé is a good bit crazier.
• I apologize for the use of _t in my types. I spend a lot of time at a level where I can do that; "reserved for system libraries? I am the system libraries".
• Since people kept complaining, I've fixed the assignments of string literals to non-const char *s.
• My use of type * name, however, is entirely intentional.
• If you're using an older compiler, you might have trouble with the anonymous unions and the designated initializers - I think gcc 4.4 requires some extra braces to get them working together. Anything reasonably recent should work fine. Clang and gcc (newer than 4.4, at le