Zach Riggle zachriggle
zachriggle
/ poc.c
Created
September 16, 2021 10:35
— forked from UESTC-LXY/poc.c
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab | |
| use it on macOS: cc poc.c -o poc while True; do ./poc ; done | |
| */ | |
| #include <errno.h> | |
| #include <signal.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |
zachriggle
/ win.py
Created
June 17, 2016 23:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # Here's the disassembly for everything | |
| """ | |
| 0804844b <vulnerable_function>: | |
| 804844b: 55 push ebp | |
| 804844c: 89 e5 mov ebp,esp | |
| 804844e: 81 ec 88 00 00 00 sub esp,0x88 | |
| 8048454: 83 ec 04 sub esp,0x4 | |
| 8048457: 68 00 01 00 00 push 0x100 |
zachriggle
/ win.py
Created
September 1, 2017 20:35
Example Exploit for ROP Emporium's ret2win Challenge Raw
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # Set up pwntools to work with this binary | |
| elf = context.binary = ELF('ret2win') | |
| # Enable verbose logging so we can see exactly what is being sent. | |
| context.log_level = 'debug' | |
| # Print out the target address | |
| info("%#x target", elf.symbols.ret2win) |
OlderNewer