Samuel Groß saelo

  • Zürich, Switzerland
  • X @5aelo
@saelo
saelo / .tmux.conf
Last active September 17, 2015 10:00
tmux configuration
#
# ~~~~~ Prefix ~~~~~
#
# change prefix to ctrl-a
set -g prefix C-a
bind C-a send-prefix
bind a send-prefix
unbind C-b
@saelo
saelo / .zshrc
Last active January 10, 2017 16:01
zsh configuration
#Path to your oh-my-zsh configuration.
ZSH=$HOME/.oh-my-zsh
# Set name of the theme to load.
# Look in ~/.oh-my-zsh/themes/
ZSH_THEME="agnoster"
# Set to this to use case-sensitive completion
# CASE_SENSITIVE="true"
@saelo
saelo / .vimrc
Last active August 17, 2016 09:21
vim configuration
"
" Vundle
"
set nocompatible " be IMproved
filetype off " required, reverted below
" set the runtime path to include Vundle and initialize
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()

Keybase proof

I hereby claim:

  • I am saelo on github.
  • I am saelo (https://keybase.io/saelo) on keybase.
  • I have a public key whose fingerprint is 2F05 A99F 01E0 E53D 5561 292F 8CB5 49AE F236 11B4

To claim this, I am signing this object:

@saelo
saelo / decorator.go
Created March 8, 2015 19:45
Decorators in Go
package main
import (
"fmt"
"reflect"
)
func Decorate(impl interface{}) interface{} {
fn := reflect.ValueOf(impl)
@saelo
saelo / pwn.py
Last active August 29, 2015 14:17
Solution for "mashed_potato", Codegate CTF 2015
#!/usr/bin/env python
#coding: UTF-8
import struct
import socket
import telnetlib
import time
import sys
import re
@saelo
saelo / phpcoll.c
Created May 4, 2015 21:58
Find php md5 collisions
/*
* Find php md5 collisions (var_dump(md5('240610708') == md5('QNKCDZO'));)
*
* gcc -Ofast -std=c99 -lcrypto -o phpcoll phpcoll.c
*
* Copyright (c) 2015 Samuel Groß
*/
#include <stdio.h>
#include <unistd.h>
@saelo
saelo / sploit.c
Created June 24, 2015 08:40
Exploit for nemo2
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <signal.h>
#include <pty.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@saelo
saelo / writeup.txt
Last active June 14, 2017 19:55
No comment... again...
# No comment... again...
Playing around with gdb attached to the binary running under wine on Linux, we
search for some of the strings that are printed when running the binary. Near
those, we find a string that looks much like ascii art and ends with a '}', so
this must be the flag. Unfortunately, the string only contains the last few
characters, the start seems to have been overwritten. It appears like the
string has been freed, and the front parts reclaimed by the heap allocator.
Switching to Windows, we set a conditional breakpoint on msvcrt!free which
@saelo
saelo / pwn.py
Last active December 15, 2019 23:35
Solution for "assignment" of GoogleCTF 2017
#!/usr/bin/env python3
#
# Exploit for "assignment" of GoogleCTF 2017
#
# CTF-quality exploit...
#
# Slightly simplified and shortened explanation:
#
# The bug is a UAF of one or both values during add_assign() if a GC is
# triggered during allocate_value(). The exploit first abuses this to leak a