
James Sanders jsanders

@jsanders
jsanders / blob.rb
Last active December 21, 2015 02:19
WIP Blob library for working with arbitrary unstructured binary data, and SHA1 implementation demonstrating its use.
# Public: Represent and manipulate arbitrary data.
class Blob
  # Public: Create Blob from an array of bytes.
  #
  # bytes - The Array of numbers in the range [0, 255]
  #
  # Examples
  #   Blob.new([ 97, 98, 99, 100 ]).to_str
  #   # => "abcd"
  #   Blob.from_str([ 97, 98, 99, 100 ]).to_hex
@jsanders
jsanders / LICENSE
Last active January 26, 2025 06:55
32-bit x86 SHA1 implementation.
MIT License
Copyright (c) 2017 Martin Buberl
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
@jsanders
jsanders / stripe-ctf-1.0.md
Last active May 26, 2017 16:22
Work-through of the Stripe CTF 1.0 focused more on system-level than web-level security.

Stripe CTF 1.0

Level 1

Ok, start by ssh-ing to [email protected] with password w5kjAsSKEjCT. Our goal is to read the file .password from the level02 user's home directory: /home/level02. Let's look for low-hanging fruit - maybe we can just read the file directly:

@jsanders
jsanders / level06_exploit.py
Last active December 22, 2015 16:48
Exploit in python for level 6 of Stripe's first CTF.
from os import pipe, write, close
from subprocess import Popen, PIPE
import select
import string
import sys
PIPE_MAX = 1<<16 # 64k
WELCOME_LEN = len("Welcome to the password checker!\n")
def args(guess):
@jsanders
jsanders / shellcode.asm
Last active December 26, 2015 04:56
Generally useful, well-documented, and small shellcode generator. Based on work I did for level05 of Stripe's original CTF, but much nicer.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; A nice, small 32-bit x86 execve shellcode template. ;
; execve("//bin/sh", [ "//bin/sh", NULL ], [ NULL ]). ;
; Shellcode itself is 25 bytes. ;
; Provide definitions of PayloadSize and JumpAddress ;
; to generate a self-contained buffer of the desired ;
; size and with the desired address to jump to. ;
; Build with "nasm -f bin -o shellcode shellcode.asm" ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@jsanders
jsanders / invmod.rb
Created September 27, 2013 20:57
Modular inverse function, with obligatory EGCD implementation.
# Extended Euclidean GCD algorithm
# Outputs k, u, and v such that ua + vb = k where k is the gcd of a and b
def egcd(a, b)
  u_a, v_a, u_b, v_b = [ 1, 0, 0, 1 ]
  while a != 0
    q = b / a
    a, b = [ b - q*a, a ]
    u_a, v_a, u_b, v_b = [ u_b - q*u_a, v_b - q*v_a, u_a, v_a ]
    # Each time, `u_a*a' + v_a*b' = a` and `u_b*a' + v_b*b' = b`
  end
@jsanders
jsanders / redis.rs
Last active December 24, 2015 10:29
Start of redis client implementation in rust
use std::rt::io::{Reader, Writer};
use std::rt::io::net::ip::{Ipv4Addr,SocketAddr};
use std::rt::io::net::tcp::TcpStream;
use std::str;
trait ToUintSafe {
    fn to_uint_safe(&self) -> Option<uint>;
}
impl ToUintSafe for int {
@jsanders
jsanders / flip.rs
Last active December 24, 2015 10:38
Seeing if I can make a rust implementation of `flip` that is reminiscent of Haskell's (http://hackage.haskell.org/package/base-4.6.0.1/docs/Prelude.html#v:flip)
fn flip<T>(f: ~fn(a: T, b: T)) -> ~fn(a: T, b: T) {
    |a, b| { f(b, a) }
}
fn hello_world(hello: &str, world: &str) {
    println!("{:s}, {:s}!", hello, world)
}
#[test]
fn test_flip() {
@jsanders
jsanders / glut_hello_world.cpp
Last active December 25, 2015 03:09
GLUT hello world implementations in c++ (for reference) and rust (as an attempt). The rust version seems close to working, but it hangs after the window comes up...
// Compile with `g++ -framework GLUT glut_hello_world.cpp`
#include <GLUT/glut.h>
void display(void) { }
int main(int argc, char** argv) {
    glutInit(&argc, argv);
    glutInitDisplayMode(GLUT_DOUBLE | GLUT_RGB | GLUT_DEPTH);
@jsanders
jsanders / explain_analyze.rb
Created December 18, 2013 22:56
Run EXPLAIN ANALYZE on all select queries and log the results. Definitely don't use this if performance matters...
if Rails.env.development?
  require 'active_record/connection_adapters/postgresql_adapter'
  class ActiveRecord::ConnectionAdapters::PostgreSQLAdapter
    def __explain_analyze(sql, command, *args)
      meth = "#{command}_without_explain_analyze".to_sym
      if /\A\s*SELECT/i.match(sql)
        newsql = "EXPLAIN ANALYZE #{sql}"
        plan = send(meth, newsql, *args).map { |row| row['QUERY PLAN'] }.join("\n")
        Rails.logger.debug("\e[1m\e[31mQUERY PLAN FOR: #{sql.strip};\n#{plan}\e[0m")