I hereby claim:
- I am bkth on github.
- I am bkth (https://keybase.io/bkth) on keybase.
- I have a public key ASBZHtze7NMvZErOr3XCmUGi5x41XbrfafPY4bJ7fVsfgAo
To claim this, I am signing this object:
Bruno Keith bkth
bkth
/ chakragraph.py
Last active
August 30, 2018 16:21
quick and dirty prototype to generate a cfg from chakra jit output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| class Node(object): | |
| def __init__(self, name): | |
| self.name = name | |
| self.stmts = [] | |
| self.successors = [] |
bkth
/ Insomnihack pwn arena
Last active
April 27, 2020 07:08
Write-ups for the game challenges at Insomni'hack 2018 CTF
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| As was the case last year, this year's Insomni'hack featured a multi-player game and 3 challenges requiring us to | |
| hack the game in order to get the flags | |
| It was a Unity based game and was written in C#, the core of the game logic was in the Assembly-CSharp.dll and I used dnSpy | |
| (https://github.com/0xd4d/dnSpy) to decompile the DLL and understand the logic and modify the game. | |
| Nightcrawler: | |
| This challenge required us to activate 4 buttons within a 6 second window, the game used a master client architecture | |
| where activating a button would trigger an RPC call to the master client which would keep track of the challenges based |
bkth
/ objc-rpc.m
Created
March 20, 2018 15:11
remote procedure call example in obj-c for macOS services
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <Cocoa/Cocoa.h> | |
| @protocol NetStorageXPCObjectHandler | |
| - (void)lock; | |
| - (void)unlock; | |
| - (void)deleteAllResponses; | |
| - (void)dealloc; | |
| @end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/python2 | |
| import time | |
| import telnetlib | |
| import sys | |
| import binascii | |
| import struct | |
| import socket | |
| import random | |
| def randstr(length=10): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // JIT the target function that we will overwrite with our shellcode, even though W ^ X was already in HEAD when I wrote the exploit | |
| // It was not enabled for the release version at the time | |
| function yolo(o) { | |
| var tmp = o ** 2 + o; | |
| tmp *= 17; | |
| tmp += o ** 37; | |
| return tmp; | |
| } | |
| yolo(3); | |
| yolo(4); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import tempfile | |
| import os | |
| import string | |
| import random | |
| def randstr(): | |
| return ''.join(random.choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(10)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| f = open("source.c", "rb") | |
| lines = f.read().split("\n") | |
| input_byte = [] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import subprocess | |
| def run_cmd(s): | |
| return subprocess.check_output(s.split()) | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import telnetlib | |
| import sys | |
| import binascii | |
| import struct | |
| import socket | |
| def info(s): | |
| print "[*] %s" % s |
NewerOlder