This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _start proc near | |
| push esp | |
| push offset _exit | |
| xor eax, eax | |
| xor ebx, ebx | |
| xor ecx, ecx | |
| xor edx, edx | |
| push ':FTC' | |
| push ' eht' | |
| push ' tra' |
H4niz
/ easy_heap.py
Created
January 30, 2018 16:56
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Easy_heap | |
| #Author: h4niz | |
| #=============== | |
| #!/usr/bin/python | |
| from pwn import * | |
| # SERVER REMOTE | |
| host = 'easyheap.acebear.site' |
H4niz
/ showScore.c
Created
January 30, 2018 16:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text:080485F5 mov [ebp+var_C], 1 | |
| .text:080485FC jmp short loc_8048631 | |
| .text:080485FE ; --------------------------------------------------------------------------- | |
| .text:080485FE mov eax, [ebp+Score] | |
| .text:08048601 mov eax, [eax] | |
| .text:08048603 cmp eax, 31h | |
| .text:08048606 ja short loc_804862D | |
| .text:08048608 mov eax, [ebp+var_C] | |
| .text:0804860B lea edx, ds:0[eax*4] | |
| .text:08048612 mov eax, [ebp+Score] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| int __cdecl main() | |
| { | |
| int v1; // [esp+0h] [ebp-E8h] | |
| char sName; // [esp+4h] [ebp-E4h] | |
| char Round; // [esp+14h] [ebp-D4h] | |
| [...] | |
| puts("Enter your name: "); | |
| cusRead(&sName); |
H4niz
/ subScore.asm
Last active
January 30, 2018 16:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .text:0804859A subScore proc near ; CODE XREF: PlayGame+25C↓p | |
| .text:0804859A | |
| .text:0804859A arg_0 = dword ptr 8 | |
| .text:0804859A arg_4 = dword ptr 0Ch | |
| .text:0804859A | |
| .text:0804859A ; __unwind { | |
| .text:0804859A push ebp | |
| .text:0804859B mov ebp, esp | |
| .text:0804859D sub esp, 8 | |
| .text:080485A0 mov eax, [ebp+arg_0] |
H4niz
/ LOLGame.py
Created
January 30, 2018 16:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # LOLgame.py | |
| #Nub-author: h4niz | |
| #================== | |
| #!usr/bin/env python | |
| from pwn import * | |
| p = process('./LOLgame') |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #level2 | |
| #!/usr/bin/env python | |
| #coding: utf-8 | |
| from pwn import * | |
| p = remote('127.0.0.1', 9002) | |
| raw_input('?\n') | |
H4niz
/ unlinkCheck.c
Created
January 20, 2018 16:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // UNLINK CHUNK | |
| /* consolidate backward */ | |
| if (!prev_inuse(p)) { | |
| prevsize = prev_size (p); | |
| size += prevsize; | |
| p = chunk_at_offset(p, -((long) prevsize)); | |
| unlink(av, p, bck, fwd); | |
| } | |
| if (nextchunk != av->top) { | |
| /* get and clear inuse bit */ |
H4niz
/ unlinkMarco.c
Created
January 20, 2018 15:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define unlink(AV, P, BK, FD) { \ | |
| if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0)) \ | |
| malloc_printerr ("corrupted size vs. prev_size"); \ | |
| FD = P->fd; \ | |
| BK = P->bk; \ | |
| if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \ | |
| malloc_printerr ("corrupted double-linked list"); \ | |
| else { \ | |
| FD->bk = BK; \ | |
| BK->fd = FD; \ |
H4niz
/ malloc_chunk.c
Last active
January 5, 2018 18:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| struct malloc_chunk { | |
| INTERNAL_SIZE_T prev_size; //size of prev_chunk | |
| INTERNAL_SIZE_T size; // size of chunk | |
| /* Only use if free*/ | |
| struct malloc_chunk *fd; //point to nextchunk | |
| struct malloc_chunk *bk; //point to backchunk | |
| /*Use for large chunk*/ | |
| struct malloc_chunk *fd_nextsize; |