This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| int | |
| main() | |
| { | |
| FILE *maps; | |
| void *vdso_begin, *vdso_end; | |
| maps = fopen("/proc/self/maps", "r"); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context(arch='i386', os='linux', log_level="info") | |
| DEBUG = False | |
| HOST = "cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me" | |
| PORT = 4347 | |
| def spliteach(x, n): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # The BSD License (http://www.opensource.org/licenses/bsd-license.php) | |
| # specifies the terms and conditions of use for checksec.sh: | |
| # | |
| # Copyright (c) 2009-2011, Tobias Klein. | |
| # All rights reserved. | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| context(arch='i386', os='linux', log_level="info") | |
| HOST = args.get('HOST', "localhost") | |
| PORT = 4000 | |
| got_exit = 0x804A010 | |
| # account in the shellcode that when we overwrite prev/next | |
| # it may overwrite part of the shellcode, we want to jump over |
ocean1
/ GetProcAddr from PEB
Created
September 21, 2014 21:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00413CAB 5D POP EBP | |
| 00413CAC 81ED 38324000 SUB EBP,video.00403238 | |
| 00413CB2 64:8B1D 30000000 MOV EBX,DWORD PTR FS:[30] ;PEB | |
| 00413CB9 8B5B 0C MOV EBX,DWORD PTR DS:[EBX+C] ;PPEB_LDR_DATA, LoaderData | |
| 00413CBC 8B5B 1C MOV EBX,DWORD PTR DS:[EBX+1C] ;InInitializationOrderModuleList | |
| 00413CBF 8B1B MOV EBX,DWORD PTR DS:[EBX] ;get first loaded dll | |
| 00413CC1 8B5B 08 MOV EBX,DWORD PTR DS:[EBX+8] ;module base | |
| 00413CC4 89DA MOV EDX,EBX | |
| 00413CC6 8995 EB324000 MOV DWORD PTR SS:[EBP+4032EB],EDX | |
| 00413CCC 89D3 MOV EBX,EDX |
ocean1
/ equality check to avoid timing attacks
Created
May 19, 2014 14:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # took from here | |
| # http://codahale.com/a-lesson-in-timing-attacks/ | |
| def is_equal(a, b): | |
| if len(a) != len(b): | |
| return False | |
| result = 0 | |
| for x, y in zip(a, b): | |
| result |= x ^ y |
ocean1
/ disasmpy.py
Created
April 17, 2014 22:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import dis, marshal, struct, sys, time, types | |
| def show_file(fname): | |
| f = open(fname, "rb") | |
| magic = f.read(4) | |
| moddate = f.read(4) | |
| modtime = time.asctime(time.localtime(struct.unpack('<I', moddate)[0])) | |
| print "magic %s" % (magic.encode('hex')) | |
| print "moddate %s (%s)" % (moddate.encode('hex'), modtime) | |
| code = marshal.load(f) |
NewerOlder