Bruce Chen bruce30262

bruce30262 / ARMDebianUbuntu.md
Last active October 14, 2024 19:53 — forked from Liryna/ARMDebianUbuntu.md
Emulating ARM on Debian/Ubuntu

You might want to read this to get an introduction to armel vs armhf.

If the steps below are too much, you can try Ubuntu-ARMv7-Qemu, but note that it contains non-free blobs.

Running ARM programs under Linux (without starting a QEMU VM!)

First, cross-compile user programs with a GCC ARM toolchain (on Debian/Ubuntu, gcc-arm-linux-gnueabihf for armhf or gcc-arm-linux-gnueabi for armel). Then install qemu-arm-static so that you can run ARM executables directly on Linux: once qemu-user-static has registered its binfmt_misc handlers, the kernel hands ARM ELF files to qemu-arm-static transparently and ./prog just works; without the handler, run qemu-arm-static -L <sysroot> ./prog so the ARM dynamic loader and libc are found.

If there's no qemu-arm-static in the package list, install qemu-user-static instead (it ships the qemu-arm-static binary).

Note that qemu-arm-static is a user-mode emulator, not a sandbox: the guest's system calls are executed by the host kernel, so run untrusted ARM binaries inside a real VM rather than this way.
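The procedure above as a script, added here as an example (it is not part of the original gist). It assumes the Debian/Ubuntu packages gcc-arm-linux-gnueabihf (or gcc-arm-linux-gnueabi for armel) and qemu-user-static are installed; the helper names (arm_cc_for_abi, arm_sysroot_for_abi, detect_arm_abi, run_arm_demo) are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist: cross-compile a small C
# program for ARM and run it on an x86-64 host with qemu-arm-static.
# Assumes the Debian/Ubuntu packages gcc-arm-linux-gnueabihf (or
# gcc-arm-linux-gnueabi for armel) and qemu-user-static are installed.
set -eu

# Map the Debian ABI name to its cross compiler.
arm_cc_for_abi() {
    case "$1" in
        armhf) echo arm-linux-gnueabihf-gcc ;;
        armel) echo arm-linux-gnueabi-gcc ;;
        *) echo "unknown ABI: $1" >&2; return 1 ;;
    esac
}

# Sysroot holding the ARM ld.so and libc that a dynamically linked guest needs.
arm_sysroot_for_abi() {
    case "$1" in
        armhf) echo /usr/arm-linux-gnueabihf ;;
        armel) echo /usr/arm-linux-gnueabi ;;
        *) echo "unknown ABI: $1" >&2; return 1 ;;
    esac
}

# Tell armhf from armel by the ELF build attributes: hard-float objects
# carry Tag_ABI_VFP_args (float arguments are passed in VFP registers).
detect_arm_abi() {
    if readelf -A "$1" | grep -q 'Tag_ABI_VFP_args'; then
        echo armhf
    else
        echo armel
    fi
}

# Cross-compile hello.c for the given ABI and run it under qemu-arm-static.
# Returns 0 on success, 2 when the toolchain or QEMU is not installed.
run_arm_demo() {
    abi="${1:-armhf}"
    cc="$(arm_cc_for_abi "$abi")"
    sysroot="$(arm_sysroot_for_abi "$abi")"
    if ! command -v "$cc" >/dev/null 2>&1 || ! command -v qemu-arm-static >/dev/null 2>&1; then
        echo "need $cc and qemu-arm-static (apt install gcc-arm-linux-gnueabihf qemu-user-static)" >&2
        return 2
    fi
    workdir="$(mktemp -d)"
    cat > "$workdir/hello.c" <<'EOF'
#include <stdio.h>
int main(void) { puts("hello from ARM"); return 0; }
EOF
    "$cc" -O2 -o "$workdir/hello" "$workdir/hello.c"
    echo "built $workdir/hello, detected ABI: $(detect_arm_abi "$workdir/hello")"
    # -L points QEMU at the guest sysroot so the ARM dynamic loader and libc
    # are found; a -static build needs no -L. With the binfmt_misc handler
    # registered by qemu-user-static, plain ./hello would work as well.
    # Remember this is user-mode emulation: the guest's syscalls hit the host kernel.
    qemu-arm-static -L "$sysroot" "$workdir/hello"
    rm -rf "$workdir"
}

# Stand-alone run; skipped cleanly when the cross toolchain is absent.
run_arm_demo "${1:-armhf}" || echo "demo skipped" >&2
```

Pass armel as the first argument to build and run a soft-float binary instead; detect_arm_abi is the check to use on a binary of unknown origin before picking the sysroot.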

bruce30262 / unlink.c
Last active September 29, 2015 08:36
malloc.c -- unlink
bruce30262 / cgc_pov_template.py
Created August 7, 2016 00:32
a cgc pov template
#!/usr/bin/env python
# reference: http://fadec0d3.blogspot.tw/2016/05/defcon-ctf-quals-2016-legit00003.html
# The {} placeholder takes the <write>/<read> elements of the replay. The
# backslash keeps the <?xml ...?> declaration on the first line of the
# document, as XML requires (a leading newline makes parsers reject it).
TEMPLATE = """\
<?xml version="1.0" standalone="no" ?>
<!DOCTYPE pov SYSTEM "/usr/share/cgc-replay/replay.dtd">
<pov>
<cbid>service</cbid>
<replay>{}</replay>
</pov>
"""

== disasm: #<ISeq:<compiled>@<compiled>>================================
== catch table
| catch type: break st: 0096 ed: 0102 sp: 0000 cont: 0102
| catch type: break st: 0239 ed: 0245 sp: 0000 cont: 0245
|------------------------------------------------------------------------
local table (size: 3, argc: 0 [opts: 0, rest: -1, post: 0, block: -1, kw: -1@-1, kwrest: -1])
[ 3] k [ 2] xs
0000 trace 1 ( 1)
0002 putself
0003 putstring "digest"
bruce30262 / solib-deps.sh
Created October 26, 2016 07:04 — forked from toojays/solib-deps.sh
Given a shared library (or executable) print the symbols it uses from libraries it directly depends on.
#!/bin/bash
set -e
# Given a shared library (or executable), print the symbols it uses from other
# libraries it directly depends on.
LIB="${1:?usage: $0 <shared-library-or-executable>}"
# Use readelf rather than ldd here to only get direct dependencies (DT_NEEDED
# entries); ldd would also list transitive ones. The awk strips the [ ] that
# readelf prints around each library name.
DEPS=$(readelf -d "$LIB" | awk '/Shared library:/{ print substr($5, 2, length($5) - 2) }')
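The same idea carried through to the end, as an added example rather than the forked gist's own script: for each direct dependency, intersect the object's undefined dynamic symbols with the dependency's exports. The helper names (parse_needed, parse_undefined, parse_defined, find_lib, solib_deps) are this example's own, the SAMPLE_* text is constructed rather than captured from a real binary, and binutils (readelf, nm) is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not the forked gist's script: for an ELF object, list the
# symbols it imports from each library it links against directly.
# Helper names (parse_needed, parse_undefined, parse_defined, find_lib,
# solib_deps) are this example's own. Requires binutils (readelf, nm).
set -eu

# Constructed sample of `readelf -d` output, used for the stand-alone run.
SAMPLE_DYNAMIC='Dynamic section at offset 0x2dc8 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libfoo.so.1]
 0x000000000000000c (INIT)               0x1000'

# Constructed sample of `nm -D` output for the same object.
SAMPLE_NM='                 U SSL_new@OPENSSL_3.0.0
                 U puts@GLIBC_2.2.5
                 w __cxa_finalize@GLIBC_2.2.5
0000000000001139 T foo_init'

# stdin: readelf -d output. Prints one DT_NEEDED library name per line.
# Only direct dependencies appear here; ldd would also show transitive ones.
parse_needed() {
    awk '/\(NEEDED\)/ && /Shared library:/ {
        lib = $NF; sub(/^\[/, "", lib); sub(/\]$/, "", lib); print lib
    }'
}

# stdin: nm -D output. Prints undefined (imported) symbol names without the
# @VERSION suffix newer binutils append. Weak undefined ("w") symbols are
# optional references and are skipped.
parse_undefined() {
    awk '$1 == "U" { sub(/@.*/, "", $2); print $2 }'
}

# stdin: nm -D --defined-only output. Prints exported symbol names.
parse_defined() {
    awk 'NF >= 3 && $2 ~ /^[TWDBRVi]$/ { sub(/@.*/, "", $3); print $3 }'
}

# Resolve a DT_NEEDED name to a path via the dynamic linker cache.
find_lib() {
    case "$1" in
        /*) echo "$1" ;;
        *) "$(command -v ldconfig || echo /sbin/ldconfig)" -p \
               | awk -v n="$1" '$1 == n { print $NF; exit }' ;;
    esac
}

# For each direct dependency of $1, print "dep: symbol" for every symbol
# that $1 imports and the dependency exports.
solib_deps() {
    obj="$1"
    undef="$(nm -D "$obj" | parse_undefined | sort -u)"
    readelf -d "$obj" | parse_needed | while read -r dep; do
        path="$(find_lib "$dep")"
        if [ -z "$path" ]; then
            echo "$dep: not found in ldconfig cache" >&2
            continue
        fi
        nm -D --defined-only "$path" | parse_defined | sort -u \
            | comm -12 - <(printf '%s\n' "$undef") \
            | sed "s/^/$dep: /"
    done
}

# Stand-alone: analyse the object given as $1, else run the parsers on the samples.
if [ $# -ge 1 ]; then
    solib_deps "$1"
else
    printf '%s\n' "$SAMPLE_DYNAMIC" | parse_needed
    printf '%s\n' "$SAMPLE_NM" | parse_undefined
fi
```

A symbol that the object imports but no direct dependency exports is worth a second look: it is either satisfied by a transitive dependency (fragile, since only DT_NEEDED libraries are guaranteed to load first) or expected from the executable itself, and the parsers above make that check scriptable on saved readelf/nm output without the binaries at hand.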
bruce30262 / pdfmaker_public.py
Created December 29, 2016 21:29
from 33C3 CTF (misc 75)
#!/usr/bin/env python2.7
# -*- coding: utf-8 -*-
import signal
import sys
from random import randint
import os, pipes
from shutil import rmtree
from shutil import copyfile
import subprocess
bruce30262 / picturemgr2.py
Created August 16, 2017 08:14 — forked from seanwupi/picturemgr2.py
DEFCON 2017 CTF picturemgr sprintf Stack Overflow Exploit
#!/usr/bin/env python
# By Sean @ HITCON
import re
import socket
import sys
import string
import random

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
int main()
{
char v1[1000]; // ebx@3
signed int result; // eax@7
DWORD BytesReturned; // [sp+Ch] [bp-1Ch]@2
char OutBuffer[1000]; // [sp+10h] [bp-18h]@2
LONG lDistanceToMove = 512; // [sp+24h] [bp-4h]@3
bruce30262 / exp_heaven.py
Last active October 20, 2017 05:44
Solutions for HeapHeaven, HeapsOfPrint & HouseOfScepticism from Hack.lu 2017 CTF
#!/usr/bin/env python
# HeapHeaven
# solved by bruce30262
from pwn import *
import subprocess
import sys
import time
bruce30262 / seccomp_ptrace_escape.c
Created October 28, 2018 12:29 — forked from thejh/seccomp_ptrace_escape.c
PoC for bypassing seccomp if ptrace is allowed (a known, documented issue, mentioned in the seccomp(2) manpage: before Linux 4.8 the seccomp filter ran before the ptrace syscall-entry stop, so a tracer could rewrite a system call after the filter had already allowed it)
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/stat.h>