@matthw
matthw / astral.py
Created July 28, 2023 15:00
solver for astral (ICMTC 2023)
from capstone import *
from unicorn import *
from unicorn.x86_const import *
from z3 import *
def get_code():
    with open("Astral.exe", "rb") as fp:
        fp.seek(0x122a)
@matthw
matthw / asc2023quals.md
Last active July 20, 2024 16:29
ASC Wargames 2023 Quals

Amber

The file is packed: drop it in unpac.me to get the unpacked PE. The PE does some anti-debug checks and ends up doing an RC4 decryption of the flag. If the anti-debug checks fail, the key will be incorrect.

Patch the unpacked PE with EB FE after the RC4 so it enters an infinite loop:

x = bytearray(open("daa6f5823995e8ffe4fd9de4f86358ec6e0b112c38c78c36f1ae0054277e43c8", "rb").read())
x[0x162b] = 0xeb
@matthw
matthw / barbhack_illusion.py
Created September 4, 2023 09:59
Solver for BarbHack 2023 illusion.exe challenge
from capstone import *
from unicorn import *
from unicorn.x86_const import *
from Crypto.Cipher import ARC4
from pwn import p32
import hashlib
import sys
DEBUG = True
@matthw
matthw / sideways.py
Created September 4, 2023 14:17
sideways - downunder CTF 2023
from capstone import *
from unicorn import *
from unicorn.x86_const import *
import string
# opcodes for hash from 0x001089be to 0x01094cf
# ain't no time to rewrite big ass hash alg and hope for it to be correct :)
code = b'\x89\xc8\xf6\xe2\x84\xc0\x74\xba\x48\x89\xb4\x24\xd0\x00\x00\x00\x89\xcd\xc1\xe5\x08\x44\x8d\x04\x29\x41\x89\xd2\x41\xc1\xe2\x10\x45\x09\xd0\x41\x89\xd1\x41\xc1\xe1\x18\x89\xce\xc1\xe6\x10\x45\x8d\x24\x31\x45\x8d\x1c\x2c\x41\x89\xcf\x41\xc1\xe7\x18\x44\x09\xfe\x44\x8d\x2c\x2e\x45\x09\xd7\x45\x8d\x34\x2f\x89\xd7\xc1\xe7\x08\x09\xfe\x45\x09\xca\x44\x09\xd5\x41\x09\xfa\x41\x09\xff\x44\x09\xe7\x43\x8d\x1c\x01\x81\xc3\x5b\x39\xae\x4d\x48\x89\x9c\x24\xd8\x01\x00\x00\x43\x8d\x9c\x01\xf3\xa9\x5a\x86\x48\x89\x9c\x24\xd0\x01\x00\x00\x43\x8d\x9c\x01\x5e\x26\x54\x36\x89\x9c\x24\xa4\x00\x00\x00\x43\x8d\x9c\x01\xdc\x63\xe7\x52\x48\x89\x9c\x24\xc8\x01\x00\x00\x41\x8d\x1c\x13\x48\x89\x9c\x24\xc0\x01\x00\x00\x42\x8d\x9c\x1a\x1b\xf5\xca\x22\x48\x89\x9c\x24\xb8\x01\x00\x00\x42\x8d\x9c\x1a\x5f\xb9\xd2\x17
@matthw
matthw / readme.md
Created October 23, 2023 13:59 — forked from Anime4000/readme.md
Linux Mail Server Postfix Dovecot Virtual User, no sql database

Linux Mail Server

In this guide, I will show you how to set up a Linux mail server in a fast and easy way. This guide is adapted from tiq's tech-blog for recent versions; the Linux distro I am using is Ubuntu 20.04 LTS.

Certificate

Make sure you have the certificate and key files ready to use.

You can use an existing web server SSL certificate, since we are going to use the same domain, example.com.

If you plan to use mx.example.com or mail.example.com, you need to create another certificate for these.

@matthw
matthw / bpf_emu.py
Created January 8, 2024 07:18
Secure Computing (irisCTF 2024)
from z3 import *
# nop out ptrace() call and then run
# % seccomp-tools dump ./chal_patched -l 8 | grep -Pv "=======|CODE" > dis3.txt
s = Solver()
def add_cons(v):
    # printable ascii