This documents tries to address some concerns with enabling PIE.
One of the criticism of "Using PIE by default on AMD64" is,
Disconnect3d disconnect3d
🎯
disconnect3d
/ ASLR+vsyscall.rst
Created
October 14, 2019 23:00
— forked from kholia/ASLR+vsyscall.rst
Notes on ASLR and vsyscall page
disconnect3d
/ global vs nonglobal.py
Last active
October 19, 2019 10:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [9]: def foo(): | |
| ...: return x | |
| ...: def foofoo(x): | |
| ...: return x | |
| ...: def bar(): | |
| ...: x += 1 | |
| ...: def foobar(): | |
| ...: global x | |
| ...: x += 1 | |
| ...: |
disconnect3d
/ go_select_channel.go
Created
October 24, 2019 12:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "time" | |
| "fmt" | |
| ) | |
| func main() { | |
| bundles := make(chan int, 5) | |
| cancelProcessing := make(chan struct{}) |
disconnect3d
/ justctf2019_pwn_atm_exploit.py
Created
December 22, 2019 09:56
Exploit for the ATM task from justCTF 2019 (https://2019.justctf.team/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # -*- coding: utf-8 -*- | |
| from pwn import * | |
| if args.LOCAL: | |
| if not args.DBGBIN: | |
| exe = context.binary = ELF('../private/binary/atm') | |
| else: | |
| exe = context.binary = ELF('../private/binary/atm_debug') |
disconnect3d
/ container jailboxes.md
Last active
June 1, 2020 13:10
All your containers systems belong to us - a [not] curated list of jails, sandboxes, containers, etc systems.
- docker
- https://github.com/google/gvisor
- https://github.com/google/nsjail
- https://github.com/netblue30/firejail (e.g. compiler-explorer uses this)
- https://podman.io/
- systemd-nspawn
- https://github.com/lxc/lxc
disconnect3d
/ deja_vu_exploit.c
Created
March 19, 2020 00:20
deja vu task exploit from Angstrom CTF 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> | |
| #include <sys/mman.h> | |
| int* shared; |
disconnect3d
/ postgresql_bug_poc.md
Created
April 13, 2020 11:28
Random bug found in PostgreSQL database
Bug PoC below. Reported in https://www.postgresql.org/message-id/CABEVAa1dU0mDCAfaT8WF2adVXTDsLVJy_izotg6ze_hh-cn8qQ%40mail.gmail.com and fixed in https://www.postgresql.org/message-id/23800.1580509696%40sss.pgh.pa.us
This is correct:
> select json_to_tsvector('"abc"'::json, '"string"')
json_to_tsvector
--
'abc':1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // g++ spam.cpp -O3 -lpthread -std=c++14 && ./a.out | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <thread> | |
| #include <immintrin.h> | |
| __attribute__ ((target ("rdrnd"))) | |
| void exec(int id) { | |
| printf("[thread %d]\n", id); |
disconnect3d
/ compiling_asm.md
Created
September 5, 2020 18:59
— forked from yellowbyte/compiling_asm.md
how to assemble assembly with NASM assembler to 32-bit or 64-bit ELF binary with or without libc
disconnect3d
/ release-android-debuggable.md
Created
September 19, 2020 15:16
— forked from nstarke/release-android-debuggable.md
How to make a Release Android App debuggable
Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage
( or adb shell run-as com.mypackge ls /data/data/com.mypackage/shared_prefs),
but on a production release app downloaded from an app store you're most likely to see:
run-as: Package 'com.mypackage' is not debuggable