
yannayl / brainfucc.c
Created August 13, 2015 20:34
brainfuck to c converter
/*
* A simple, non-optimizing brainfuck to C translator.
* 2010-08-31 - Version 1.0 (Cory Burgett)
*
* This code is hereby placed into the public domain.
*
* Originally located at: http://www4.ncsu.edu/~cmburget/brainfucc.c
* based on https://gist.github.com/939687.git
*/
yannayl / suid.c
Created April 27, 2016 12:21
suid source code
#if 0
# Polyglot header: run as a shell script, "#if 0" is a comment, the commands
# below execute, and "exit 0" returns before "#endif" is reached; compiled
# as C, the preprocessor skips this whole group. Comment lines added here
# must not begin with a conditional directive name and must keep quotes
# balanced, since the skipped group is still tokenized.
# "[[" is a bash-ism: run with bash, not a POSIX sh.
[[ -n "$TARGET" ]] || TARGET=/usr/bin/suid
# Compile this very file ($0) into $TARGET; on failure exit with the gcc status.
# NOTE(review): $TARGET is unquoted throughout, so a path with spaces splits.
gcc -o $TARGET $0 || exit $?
# Copy owner, mode and mtime from /usr/bin/sudo onto the new binary, then
# add setuid and setgid for all. The result is a privileged binary whose
# owner matches sudo (root on a stock system -- verify) that no package
# manifest accounts for; a setuid sweep (find -perm -4000) plus a package
# verification pass is what surfaces it on a host.
chown --reference /usr/bin/sudo $TARGET
chmod --reference /usr/bin/sudo $TARGET
touch --reference /usr/bin/sudo $TARGET
chmod a+s $TARGET
# Self-removal of the source is disabled; $RM is not assigned in this view.
#$RM $0
exit 0
#endif
import hexdump
import gdb
class HexdumpCmd(gdb.Command):
"""Hexdump memory: hd [addr [size]]
Exaples:
hd 0x409130 0x20
hd &main_arena
hd $5
"""
yannayl / ida_sark_install.md
Last active June 12, 2018 08:12
Installation of custom python + pip + sark on Ubuntu 16.04 for IDA

Script:

sudo apt install gcc-multilib g++-multilib libssl-dev:i386 zlib1g-dev:i386 clang

wget https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tar.xz
tar xf Python-2.7.15.tar.xz
cd Python-2.7.15/
CC="clang -m32" CXX="clang++ -m32" CFLAGS=-m32 CXXFLAGS=-m32 ./configure --prefix=/opt/Python2.7.15-32bits  --enable-shared --enable-unicode=ucs4  --enable-optimizations
CC="clang -m32" CXX="clang++ -m32" CFLAGS=-m32 CXXFLAGS=-m32 make -j
import sark
# Prefix every named line of the .bss segment with "g_" so globals are easy
# to spot in IDA. Unnamed lines and names that already carry the prefix are
# left untouched.
for line in sark.Segment(name='.bss').lines:
    name = line.name
    if name and not name.startswith('g_'):
        line.name = 'g_' + name
import sark
for segname in ['.bss', '.data']:
for line in sark.Segment(name=segname).lines:
if not line.name:
continue
if line.name.startswith('g_'):
continue
yannayl / x.py
Created March 24, 2018 03:21
solution to insomnihack18 bytefinex challenge
from pwn import *
# 64-bit target: set the pwntools word size so its packing helpers default
# to 8-byte words.
context.bits = 64

# Challenge handout files; the file names carry the handout hashes and the
# .dbg build is the one loaded as the main target. ELF() parses each file
# on construction.
libc, main = (
    ELF('./libc-223-05b841eae6f475817ebb3b99562cd6535cc61b099350a25019cd5d3b3136881d.so'),
    ELF('./bytefinex-8fe15d1eb750fe2cb0b2dae88a048c1876c799fb37f9d73ba3646f7d158774a9.bin.dbg'),
)
# Separate debug-symbol file for libc; consumed outside this view.
dbg_file = './libc-2.23.debug'
# Toggle between a local process and a remote target (the remote branch is
# outside this view).
local = False
if local:
r = main.process(env={'LD_PRELOAD' : libc.path})
yannayl / x.py
Last active March 27, 2018 09:03
yanc challenge #ins18 exploit
from pwn import *
# 64-bit target: set the pwntools word size so its packing helpers default
# to 8-byte words.
context.bits = 64

# Challenge handout files; the .dbg build is loaded as the main target and
# ELF() parses each file on construction.
libc, main = ELF('./libc-2.23.so'), ELF('./yanc.dbg')
# Separate debug-symbol file for libc; consumed outside this view.
dbg_file = './libc-2.23.debug'
# Bookkeeping for note slots handed out by the challenge; presumably filled
# by helpers outside this view.
notes_used = set()
# Toggle between a local process and a remote target (the remote branch is
# outside this view).
local = True
if local:
yannayl / babyheap.py
Created April 2, 2018 15:53
0ctf 2018 babyheap challenge exploit
from pwn import *
# 64-bit target: set the pwntools word size so its packing helpers default
# to 8-byte words.
context.bits = 64

# Challenge artefacts. The glibc 2.23 variant and the stripped binary are
# kept here as alternatives for quick switching:
#   libc = ELF('./libc-2.23.so')
#   main = ELF('./babyheap')
#   dbg_file = './libc-2.23.debug'
libc, main = ELF('./libc-2.24.so'), ELF('./babyheap.dbg')
def gdb_load_symbols_cmd(sym_file, elf, base):
yannayl / ida_sarlk_function_strings_ref.py
Last active August 17, 2020 22:45
A function which returns all the strings referenced from a function
def strs(f=None, visited=None, level=0, maxlevel=-1):
if maxlevel >= 0 and level > maxlevel:
return [], set()
if not f:
f = sark.Function()
if not visited:
visited = set()
root = True
else:
root = False