Skip to content

Instantly share code, notes, and snippets.

View Arinerron's full-sized avatar
:shipit:
Free and Open Source Bugs (FOSB)

Aaron Esau Arinerron

:shipit:
Free and Open Source Bugs (FOSB)
View GitHub Profile
@captainGeech42
captainGeech42 / ctf_patch.py
Last active May 21, 2022 07:25
Patch out common annoying functions in CTF binaries
IMPORTS_TO_PATCH = [
"alarm",
"ptrace"
]
# iterate over imported symbols
for import_sym in bv.get_symbols_of_type(SymbolType.ImportedFunctionSymbol):
# check if symbol is in the patch list
if import_sym.name in IMPORTS_TO_PATCH:
log.log_info(f"patching out call to {import_sym.name}")
@sirdarckcat
sirdarckcat / README.md
Last active June 22, 2019 22:23
gctf.sh download all CTF tasks

gctf.sh

Usage:

wget https://gist.githubusercontent.com/sirdarckcat/087e32982bd77bddbd9c46ccbc72edf7/raw/gctf.sh && chmod +x gctf.sh
mkdir -p google-ctf-2019
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com ./gctf.sh google-ctf-2019/ctf
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com/beginners ./gctf.sh google-ctf-2019/bq
@zoilomora
zoilomora / README.md
Last active October 22, 2024 21:14
How to disable cloud-init in Ubuntu

How to disable cloud-init in Ubuntu

Prevent start

  • Create an empty file to prevent the service from starting

      sudo touch /etc/cloud/cloud-init.disabled
    

Uninstall

@d4em0n
d4em0n / hhhhh.c
Created April 15, 2019 14:46
exploiting tcache: overwrite malloc_hook without libc leak
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void setbff(void)
{
setvbuf(stdin,(char *)0x0,2,0);
setvbuf(stdout,(char *)0x0,2,0);
setvbuf(stderr,(char *)0x0,2,0);
@defuse
defuse / example.js
Created May 12, 2018 01:59
Insecure code that's visually identical to secure code.
let KEY = new Uint8Array(16);
function generate_key() {
let KEY = new Uint8Array(16);
window.crypto.getRandomValues(KEY);
return KEY;
}
KEY = generate_key();
document.body.innerText = KEY;
var_30= qword ptr -30h
var_24= dword ptr -24h
var_20= dword ptr -20h
var_1C= dword ptr -1Ch
var_18= dword ptr -18h
var_14= dword ptr -14h
var_10= dword ptr -10h
var_8= qword ptr -8
push rbp
==QPJJjYxJ0UapGbtJmCVxENWVEdvw2Zu82bn9yL6MHc0RHa
@ivy
ivy / API.txt
Created July 3, 2017 19:21
Claymore JSON-RPC API documentation (from Claymore v9.6)
EthMan uses raw TCP/IP connections (not HTTP) for remote management and statistics. Optionally, "psw" field is added to requests is the password for remote management is set for miner.
The following commands are available (JSON format):
----------------
REQUEST:
{"id":0,"jsonrpc":"2.0","method":"miner_getstat1"}
RESPONSE:
{"result": ["9.3 - ETH", "21", "182724;51;0", "30502;30457;30297;30481;30479;30505", "0;0;0", "off;off;off;off;off;off", "53;71;57;67;61;72;55;70;59;71;61;70", "eth-eu1.nanopool.org:9999", "0;0;0;0"]}
@Arinerron
Arinerron / turnitin.html
Created May 23, 2017 04:38
turnitin.com CSRF+XSS / proof of concept
<html>
<head>
<title>turnitin.com PoC</title>
</head>
<body>
<!--
Search for the string "[jsfile]" without quotes and replace it with the URL to your custom js file you want to run.
To test it out, replace "[jsfile]" with "https://arinerron.com/js/script.js".
-->

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru