inaz2
/ solve.py
Last active
October 6, 2016 23:51
PlaidCTF 2015 ebp (pwnable 160) / https://github.com/ctfs/write-ups-2015/tree/master/plaidctf-2015/pwnable/ebp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ nc -v -l 4444 | |
| Listening on [0.0.0.0] (family 0, port 4444) | |
| Connection from [127.0.0.1] port 4444 [tcp/*] accepted (family 2, sport 34901) | |
| id | |
| uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| int crackme(char *s, int n) | |
| { | |
| if (strlen(s) != 13) { | |
| return 0; | |
| } | |
| if (strcmp(s, "hacktheplanet") != 0) { |
inaz2
/ uaf-fopen.c
Created
September 29, 2016 07:14
use-after-free and fopen(3) / https://outflux.net/blog/archives/2011/12/22/abusing-the-file-structure/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gcc uaf-fopen.c | |
| uaf-fopen.c: In function ‘main’: | |
| uaf-fopen.c:20:25: warning: assignment makes pointer from integer without a cast [enabled by default] | |
| *(void **)(p1+0xd8) = 0x601028-0x88; | |
| ^ | |
| $ ./a.out | |
| p1 = 0x1fc8010 | |
| fp = 0x1fc8010 | |
| $ id |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gdb ./test | |
| Reading symbols from ./test...(no debugging symbols found)...done. | |
| (gdb) start | |
| Temporary breakpoint 1 at 0x4004f1 | |
| Starting program: /home/user/tmp/test | |
| Temporary breakpoint 1, 0x00000000004004f1 in main () | |
| 1: x/i $pc | |
| => 0x4004f1 <main+4>: pop rbp | |
| (gdb) i r |
inaz2
/ detector.py
Last active
September 27, 2016 00:19
対数正規分布の仮定による異常値検知 / http://wreathlit.blog.shinobi.jp/%E6%95%B0%E5%AD%A6/%E3%82%AC%E3%82%A6%E3%82%B9%E5%88%86%E5%B8%83%E3%81%AE%E9%80%90%E6%AC%A1%E6%8E%A8%E5%AE%9A%EF%BC%88%E5%B9%B3%E5%9D%87%E3%81%A8%E5%88%86%E6%95%A3%E3%81%AE%E6%9B%B4%E6%96%B0%E5%BC%8F%EF%BC%89
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import math | |
| class LogNormal(object): | |
| def __init__(self, skip): | |
| self.skip = skip | |
| self.n = 0 | |
| self.m = 0.0 | |
| self.s2 = 0.0 | |
| def is_anomaly(self, x): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gcc itrace.c -o itrace | |
| $ ./itrace /bin/ls | head | |
| 7f86ae81d2d0 | |
| 7f86ae81d2d3 | |
| 7f86ae820a70 | |
| 7f86ae820a71 | |
| 7f86ae820a74 | |
| 7f86ae820a76 | |
| 7f86ae820a78 |
inaz2
/ tinyfuzz.py
Last active
September 25, 2016 19:01
fuzzing against Defcon CTF Qual 2014 shitsco / https://github.com/ctfs/write-ups-2014/tree/e572b0ce04ec4343e289ebf612d968118f0697a6/def-con-ctf-qualifier-2014/shitsco
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ python tinyfuzz.py | |
| < '' | |
| oooooooo8 oooo o88 o8 | |
| 888 888ooooo oooo o888oo oooooooo8 ooooooo ooooooo | |
| 888oooooo 888 888 888 888 888ooooooo 888 888 888 888 | |
| 888 888 888 888 888 888 888 888 888 | |
| o88oooo888 o888o o888o o888o 888o 88oooooo88 88ooo888 88ooo88 | |
| Welcome to Shitsco Internet Operating System (IOS) |
inaz2
/ fastbins.c
Created
September 21, 2016 02:49
fastbins unlink attack / http://www.slideshare.net/bata_24/katagaitai-ctf-1-57598200
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| void leave() { puts("exiting normally..."); } | |
| void jackpot() { puts("jackpot!"); } | |
| void (*p_target)(); |
inaz2
/ fizzbuzz-clang.txt
Created
September 14, 2016 04:24
evaluation of fcd decompiler http://zneak.github.io/fcd/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint64_t __libc_start_main(uint64_t rdi, uint64_t rsi, uint64_t rdx, uint64_t rcx, uint64_t r8, uint64_t r9, uint64_t sp0); | |
| uint64_t printf(uint64_t rdi); | |
| uint64_t puts(uint64_t rdi); | |
| void _init(uint64_t rip) | |
| { | |
| if (*(uint64_t*)6295544 != 0) | |
| { | |
| func_400460(4195349); | |
| } | |
| return; |
inaz2
/ tcp_http_spoof.py
Last active
December 14, 2022 13:02
TCP injection attack (HTTP redirection) using Scapy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo python tcp_http_spoof.py >&/dev/null & | |
| [1] 3477 | |
| $ curl -vL http://www.google.com/ | |
| * Hostname was NOT found in DNS cache | |
| * Trying 172.217.26.100... | |
| * Connected to www.google.com (172.217.26.100) port 80 (#0) | |
| > GET / HTTP/1.1 | |
| > User-Agent: curl/7.35.0 | |
| > Host: www.google.com |