Enigmatrix

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>MEMEMEMEMEMEMEMEMEM</title>
<style id="jsbin-css">
.stuff{
  display:inline-block;
}
.stuffimg{

Enigmatrix

<!DOCTYPE html>
<html ng-app="app">
<head>
    <meta charset="utf-8">
    <title>MEMEMEMEMEMEMEMEMEM</title>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
    <script src="https://cdn.firebase.com/js/client/2.2.1/firebase.js"></script>
    <script src="https://cdn.firebase.com/libs/angularfire/1.0.0/angularfire.min.js"></script>
    <link href="main.css" rel="stylesheet">
</head>

Enigmatrix

<!DOCTYPE html>
<html ng-app="app">
<head>
    <meta charset="utf-8">
    <title>MEMEMEMEMEMEMEMEMEM</title>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
    <script src="https://cdn.firebase.com/js/client/2.2.1/firebase.js"></script>
    <script src="https://cdn.firebase.com/libs/angularfire/1.0.0/angularfire.min.js"></script>
    <link href="main.css" rel="stylesheet">
</head>

Enigmatrix

<!DOCTYPE html>
<html ng-app="app">
<head>
    <meta charset="utf-8">
    <title>MEMEMEMEMEMEMEMEMEM</title>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
    <script src="https://cdn.firebase.com/js/client/2.2.1/firebase.js"></script>
    <script src="https://cdn.firebase.com/libs/angularfire/1.0.0/angularfire.min.js"></script>
    <link href="main.css" rel="stylesheet">
<style id="jsbin-css">

Enigmatrix

<!DOCTYPE html>
<html ng-app="app">
<head>
    <meta charset="utf-8">
    <title>MEMEMEMEMEMEMEMEMEM</title>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
    <script src="https://cdn.firebase.com/js/client/2.2.1/firebase.js"></script>
    <script src="https://cdn.firebase.com/libs/angularfire/1.0.0/angularfire.min.js"></script>
    <link href="main.css" rel="stylesheet">
<style id="jsbin-css">

Enigmatrix

<!DOCTYPE html>
<head>
  <meta charset="utf-8">
  <title>SayIt</title>
  <link rel="stylesheet" href="styles.css">
  <script src="scripts.js"></script>
  <link href='http://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>
<style id="jsbin-css">
body{
  font-family: 'Open Sans', sans-serif;

Enigmatrix

Start (can combine options e.g. r2 -d -A file)

• r2 file - start r2 session about file
• r2 -d pid - start r2 debug session attached to pid
• r2 -d file - start r2 debug session
• r2 -A file - start session, analyse everything first
• r2 -R profile.rr2 - start session using profile

Learning Notes

1. <cmd> - run cmd (duh)
2. <cmd> @ <addr> - runs cmd at addr
3. ~\ - \ | grep \

Enigmatrix

Type of Attack

1. Stack overflow
2. Heap overflow
3. Format String
4. NULL byte / Off by one

Format String Attack Tips

1. look at registers/stack, one of them will inevitably point to another value on stack (can do arbitrary read/write with this)
2. look at registers/stack, one of them will point to libc's functions
3. writing null bytes after a value can be done with %ln (write long int)

Enigmatrix

Keybase proof

I hereby claim:

• I am enigmatrix on github.
• I am enigmatrix2000 (https://keybase.io/enigmatrix2000) on keybase.
• I have a public key ASCxJeCzca28nkE8Cr336uz9RBaJm5wudwvEmPNvDEEU-Qo

To claim this, I am signing this object:

Enigmatrix

okokokokokok
<script>alert(1)</script>

</textarea>

<script>alert(1);</script>

<textarea>