mrtc0

すごい広島 #82

issue #1397

PEDAを使ってみた

DEP,SSP,ASLR無効の状態でsuidなvulnで試した.
最終的にsecret.txtを読み出すことをゴールとした.

mrtc0

#!/usr/bin/env python
# coding=utf-8

import feedparser
import datetime

# rss2.php https://sites.google.com/site/syobocal/spec/rss2-php
url = 'http://cal.syoboi.jp/rss2.php?usr=mrtc0&titlefmt=$(Mark)%20[$(ChName)]%20$(Title)%20$(SubTitleB)'

item = feedparser.parse(url)

mrtc0

#!/usr/bin/python3

import random

chars = "abcdefghijklmnopqrstuvwxyziABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890^?!?$%&/()=?`'+#*'~';:_,.-<>|"
password = ""

print("Use Char list = %s \n" % chars)

length = int(input("[*] Input Password Length: "))

mrtc0

mrtc0

import sys
import SimpleHTTPServer 
import SocketServer
import cgi
import logging

class Honey(SimpleHTTPServer.SimpleHTTPRequestHandler):

    def do_GET(self):
        logging.error(self.headers)

mrtc0

#####
# 2015.5.7
# sshd_configのテンプレート
# OpenSSH_6.8p1で動作確認
# rootユーザーのログインを拒否
# 公開鍵認証 + password認証の2段階認証
# さらに強固にしたいならGoogle認証システムを使った2段階認証にしたりする
# 転送機能をすべて禁止
# 暗号方式をAESに限定
# TCP Keep Aliveではなく, ClientAliveを使用

mrtc0

import string, hashlib, re, itertools

for word in itertools.imap(''.join, itertools.product(string.uppercase + string.lowercase + string.digits, repeat=8)):
    if re.match(r'0+[eE]+\d+$', hashlib.sha1(word).hexdigest()):
        print word

mrtc0

import networkx as nx
from scapy.all import *
import matplotlib.pyplot as plt

# 無向グラフを作成
g = nx.Graph()

# 自分のIPアドレスを取得
myip =  [x[4] for x in conf.route.routes if x[2] != '0.0.0.0'][0]

mrtc0

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
local json = require "json"

description = [[
Get to recorded full-title from Chinachu
]]

mrtc0

#!/usr/bin/python
from gi.repository import Notify
Notify.init ("Hello world")
Hello=Notify.Notification.new ("Hello world","This is an example notification.","dialog-information")
Hello.show ()