Skip to content

Instantly share code, notes, and snippets.

View BZHugs's full-sized avatar

JOUET Romain BZHugs

54 followers · 25 following
View GitHub Profile
@BZHugs
BZHugs / poc.c
Created February 28, 2022 16:53 — forked from jakeajames/poc.c
CVE-2021-30955 PoC
#include <stdlib.h>
#include <stdio.h>
#include <pthread/pthread.h>
#include <mach/mach.h>
struct ool_msg {
mach_msg_header_t hdr;
mach_msg_body_t body;
mach_msg_ool_ports_descriptor_t ool_ports[];
};
@BZHugs
BZHugs / iphone.md
Created February 17, 2022 09:58
hardware name commercial name
iPhone14,5 iPhone 13
iPhone14,4 iPhone 13 mini
iPhone14,3 iPhone 13 Pro Max
iPhone14,3 iPhone 13 Pro
iPhone13,4 iPhone 12 Pro Max
iPhone13,3 iPhone 12 Pro
iPhone13,2 iPhone 12
iPhone13,1 iPhone 12 mini
@BZHugs
BZHugs / pkexec.c
Created January 26, 2022 11:02 — forked from darrenmartyn/pkexec.c
/*
* For original see haxx.in/files/blasty-vs-pkexec.c
*
* this version is just using some awful hack to
* avoid having to call gcc on the target box.
* this versions fragile - must be named payload.so
* might add better detection later, whatever.
* all credit to bl4sty for the actual exploit,
* I just made some changes for my usecase.
* you will have to change the interp for diff
@BZHugs
BZHugs / from_phenol_with_fail.py
Last active July 23, 2020 12:38
from_phenol_with_fail :)
from pwn import *
context.arch = 'x86'
context.bits = 32
context.endian = 'little'
context.os = 'linux'
context.log_level = 'warning'
dbg = False
@BZHugs
BZHugs / stage3.py
Last active June 14, 2019 17:08
Rich 3
# coding: utf8
'''
ssh defi3.challengecybersec.fr -l defi3 -p 2222
mot de passe : DGSE{?uo20tPO4(o=A=dX3njr2y{emZQodR}
'''
from pwn import *
import struct
@BZHugs
BZHugs / iot.md
Last active June 11, 2023 11:01

STM32MP1_sdk

change Docker IPs pool

sudo nano /etc/docker/daemon.json

{
  "default-address-pools":
  [
@BZHugs
BZHugs / WIRED_CSV.md
Last active September 21, 2018 12:54
  • 0 : noir: p23 (~K0) Keyboard Scan Output
  • 1 : marron: p22 (~K1) Keyboard Scan Output
  • 2 : rouge: p21 (~K2) Keyboard Scan Output
  • 3 : orange: p20 (K3) Keyboard Scan Output
  • 4 : jaune: p19 (K4) Keyboard Scan Output
  • 5 : vert: p18 (~K5) Keyboard Scan Output
  • 6 : bleu: p25 (~KR1) Keyboard Row strobe Input
  • 7 : violet : p16 (~KR2) Keyboard Row strobe Input

https://en.wikipedia.org/wiki/POKEY#Pinout

@BZHugs
BZHugs / README.md
Last active June 12, 2018 13:55
Example of code optimisation (remove libc) 
root@laptop [02:00:10] [~/Documents/pentest/cours] 
-> # ls -alh opti printf-libc
-rwxr-xr-x 1 root root 1,5K juin  12 14:00 opti
-rwxr-xr-x 1 root root 726K juin  12 14:00 printf-libc

root@laptop [02:00:26] [~/Documents/pentest/cours] 
-> # ./opti arg1 arg2 arg3    
./opti
arg1
@BZHugs
BZHugs / soupstitution.py
Created February 21, 2018 13:28
Solution for soupstitution Cipher EasyCTF 2018
#!/usr/bin/env python3
# coding: utf8
alpha = [chr(i) for i in range(999999) if chr(i).isdigit()][::-1]
def fcn2(txt):
a = 0
for c in txt:
a *= 10
a += ord(c) - ord('0')
@BZHugs
BZHugs / nohtyp1.py
Created January 1, 2018 21:25
alphabet = [chr(n) for n in range(48,58)] + [chr(n) for n in range(65,91)] + [chr(n) for n in range(97,123)] + [chr(95)]
verif = [160,155,208,160,190,215,237,134,210,126,212,222,224,238,128,240,164,213,183,192,162,178,163,162]
def crypt(a,b):
return a + (b ^ 21)
flaglength = len(verif) #24
start = "34C3_mo4r_"