- you can dump stack
- get canary, elf base, libc base leak
- ROP with no pac included gadgets
- profit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -ex | |
| apt update | |
| apt install -y dante-server | |
| useradd socks | |
| cat <<EOF >/etc/danted.conf | |
| logoutput: syslog stdout /var/log/danted.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # | |
| from binaryninja.binaryview import BinaryView | |
| from binaryninja.lowlevelil import LowLevelILStore, LowLevelILOperation | |
| from binaryninja.variable import RegisterValueType | |
| from binaryninja.demangle import demangle_gnu3 | |
| from binaryninja.exceptions import ILException | |
| def get_llil_lifted(bv: BinaryView): |
d0now
/ packexec.py
Created
May 9, 2024 12:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from glob import glob | |
| from pathlib import Path | |
| from zipfile import ZipFile | |
| def main(args): | |
| with ZipFile(str(args.out), 'w') as zip: | |
| for _f in glob(f"{args.dir}/**", recursive=True): | |
| file = Path(_f) | |
| if file.is_file(): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import json | |
| import pathlib | |
| def query(cpe: str, results_per_page=20, startIndex=0): | |
| return requests.get( | |
| "https://services.nvd.nist.gov/rest/json/cves/2.0", | |
| params={ | |
| 'cpeName': cpe, |
d0now
/ binexport_binja.sh
Last active
September 12, 2023 06:41
— forked from psifertex/binexport_binja.zsh
BinExport build script for Binary Ninja w/ convenient params
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # Note: | |
| # CMake, Clang, clang-format, Ninja, and sed are required to build | |
| PRINT_CONFIG_AND_EXIT=0 | |
| FORCE_CREATE_LINK=0 | |
| while getopts b:d:cfl opt | |
| do |
d0now
/ litecov.py
Created
July 20, 2023 08:01
BinaryNinja - LiteCov output coverage explorer snippet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from binaryninja.binaryview import BinaryView | |
| from binaryninja.enums import HighlightStandardColor | |
| from binaryninja.log import log_warn, log_info | |
| from binaryninja.interaction import OpenFileNameField, get_form_input | |
| from binaryninja.plugin import PluginCommand | |
| from typing import List | |
| class LiteCov: |
d0now
/ 2023-htb-business-ctf-pac-breaker.md
Last active
July 16, 2023 21:18
2023 HackTheBox Business CTF - PAC Breaker (pwn)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| NEWUSER=d0now | |
| set -ex | |
| cd `dirname $0` | |
| export DEBIAN_FRONTEND=noninteractive | |
| export DEBCONF_NONINTERACTIVE_SEEN=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python3 | |
| from angr import Project, SIM_PROCEDURES, options | |
| from angr.sim_manager import SimulationManager | |
| from angr.sim_state import SimState | |
| def main(args): | |
| project = Project(args.binary, load_options={ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!python3 | |
| from angr import Project | |
| from angr.sim_state import SimState | |
| from angr.sim_manager import SimulationManager | |
| from angr.exploration_techniques.director import Director, ExecuteAddressGoal | |
| from angr.exploration_techniques.veritesting import Veritesting | |
| hits = {} |
NewerOlder