Skip to content

Instantly share code, notes, and snippets.

View integeruser's full-sized avatar

Francesco Cagnin integeruser

49 followers · 0 following
View GitHub Profile
@integeruser
integeruser / extract-symbol-info-in-macho.py
Last active April 23, 2024 09:36
Extract symbols information (e.g. addresses) from Mach-O files
#!/usr/bin/env python3
import ctypes
LC_SYMTAB = 0x2
class mach_header_64(ctypes.Structure):
_fields_ = (
("magic", ctypes.c_uint32),
("cputype", ctypes.c_uint32),
@integeruser
integeruser / execute.py
Last active July 6, 2019 16:15
Use LIEF and ctypes to execute functions in executables from Python
#!/usr/bin/env python3
import ctypes
if __name__ == "__main__":
# $ ./export.py ./playground 0x0000000000000778 f3
playground = ctypes.CDLL("./playground-f1")
res = playground.f1(1, 2)
print(res)
print()
@integeruser
integeruser / enhance.py
Last active July 6, 2019 16:15
Enhance disassembly of the function surrounding the pc of the selected frame
#!/usr/bin/env python3
import collections
import random
import re
import shutil
import gdb
colors = {
'red': '\u001b[31m',
@integeruser
integeruser / flags.py
Last active July 6, 2019 16:15
Retrieve back names of header file constants
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
#
# Retrieve back names of header file constants
#
# $ ./flags.py PROT 5
# PROT_EXEC 0x4
# PROT_NONE 0x0
# PROT_READ 0x1
# PROT_WRITE 0x2
@integeruser
integeruser / ashell.py
Last active July 6, 2019 16:16
A shellcoding helper
#!/usr/bin/env python3
import argparse
import os
import re
import subprocess
import tempfile
BAD_BYTES = {0x00, 0x0a, 0x0d}
@integeruser
integeruser / s-rand.py
Last active September 24, 2023 14:09
Python port of the GLIBC rng
#!/usr/bin/env python2
from ctypes import c_int, c_uint
# http://www.mscs.dal.ca/~selinger/random/
def srand(seed):
srand.r = [0 for _ in range(34)]
srand.r[0] = c_int(seed).value
for i in range(1, 31):
@integeruser
integeruser / readlines.cpp
Last active July 6, 2019 16:12
Benchmarking different ways of reading lines from a file
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <chrono>
#include <fstream>
#include <iomanip>
#include <iostream>
#include <string>
@integeruser
integeruser / wrapper.py
Last active July 6, 2019 16:00 — forked from xire-/wrapper_template.py
Normalize environment when running a program with and without GDB
#!/usr/bin/python2
def exploit():
payload = '\xde\xad\xbe\xef'
return payload
# Usage: in gdb, execute `set exec-wrapper ./wrapper.py`
# Set arguments and environment variables for the program
# arg0 (real path of the executable to run) is set automatically
args = ['arg1', exploit(), 'arg3']
@integeruser
integeruser / gdb-cheat-sh*t.md
Last active August 10, 2024 15:50
A summary of the official GDB documentation

GDB Cheat Sh*t

gdb [options] [PROGRAM [COREFILE or PID]] gdb [options] --args PROGRAM [INFARGS...] to pass any arguments after the executable file to the inferior

Options
  • --silent [or -q/--quiet] to start without printing the front material
  • --core COREFILE [or -c] to analyze a core dump
  • --pid PID [or -p] to debug a running process (as with the attach command)
  • --command EXECFILE [or -x] to execute commands from file (as with the source command)
@integeruser
integeruser / exit-on-EOF.c
Last active July 6, 2019 16:17
Preload read() to exit() on EOF
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
/* gcc -shared -fPIC exit-on-EOF.c -o exit-on-EOF.so -ldl */
/* LD_PRELOAD=./exit-on-EOF.so ./test */
/* AFL_PRELOAD=./exit-on-EOF.so afl-fuzz -i in -o out -n -- ./test */
typedef int (*orig_read_f_type)(int fd, void *buf, int count);