Use the following commands to compile and link the examples:
$ gcc -std=c17 -pedantic-errors -O0 -g -S sem.c
$ as --gstabs -o sem.o sem.s
$ gcc -o sem sem.o -lpthread
This implementation makes use of the C11 Atomic Operations Library.
You might want to read this to get an introduction to armel vs armhf.
If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.
First, cross-compile user programs with the GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on Linux. If there's no qemu-arm-static in the package list, install qemu-user-static instead.
# --------
# Hardware
# --------
# Opcode - operational code
# Assembly mnemonic - abbreviation for an operation
# Instruction Code Format (IA-32)
# - Optional instruction prefix
# - Operational code
In this article we compare the behavior of static, inline and static inline free functions in the compiled binary.
All of the following tests were done under g++ 7.1.1 on Linux amd64, ELF64.
#pragma once
inline int only_inline() { return 42; }
static int only_static() { return 42; }
from hashlib import md5
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import AES
# Padding for the input string -- not
# related to encryption itself.
BLOCK_SIZE = 16 # Bytes
pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * \
- Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
- Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue MS17-010 to propagate.
- Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
- Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
- Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).
update: A minor variant of the viru
The last few days I solved the first levels of Nebula. Nebula is an exploit exercise which consists of twenty levels. Levels zero to eight were no real trouble. Level09 drove me crazy. I never wrote serious PHP code, so I was not able to solve the string injection without cheating. For [level10] I gave up a bit too early as well, after the first hint about TOCTOU (time-of-use to time-of-check) made me solve this with two simple bash scripts.
For the Level 11 flag, cheating was no option for me. This walkthrough describes how I solved this exercise. The description of this exercise states the following:
The /home/flag11/flag11 binary processes standard input and executes a shell command. There are two ways of completing this level, you may wish to do both :-) To do this level, log in as the level11 account with th
== malloc()
_dl_init_paths()
Catchpoint 1 (syscalls 'mmap' [9] 'mprotect' [10] 'munmap' [11])
Breakpoint 2 at 0x1650: file src/true.c, line 59.
Catchpoint 1 (call to syscall mmap), 0x00007ffff7df54da in mmap64 () at ../sysdeps/unix/syscall-template.S:84
84 T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
Catchpoint 1 (returned from syscall mmap), 0x00007ffff7df54da in mmap64 () at ../sysdeps/unix/syscall-template.S:84
; src/boot/boot.asm
; Bootloader to load kernel, switch to 32-bit protected mode and execute kernel
[BITS 16] ; 16-bit real mode
[ORG 0x7C00] ; Loaded into memory at 0x7C00
MOV [bootDrive], DL ; Store DL (boot drive number) in memory
MOV BP, 0x9000 ; Move Base Pointer in free memory space
MOV SP, BP ; Move Stack Pointer to base of stack