- Disclaimer
- House Of Roman
------> 2.1 Assumptions
------> 2.2 Protections
------> 2.3 Quick Walkthrough
------> 2.4 Setting the FD to malloc_hook
------> 2.5 Fixing the 0x71 freelist
------> 2.6 Unsorted Bin attack on malloc_hook
/* So how does this work? | |
I'm using ANSI escape sequences to control the behavior of the terminal while | |
cat is outputting the text. I deliberately place these control sequences inside | |
comments so the C++ compiler doesn't try to treat them as code.*/ | |
//[2K[2D[A[2K[A[2K[A[2K[A[2K[A | |
/*The commands in the fake code comment move the cursor to the left edge and | |
clear out the line, allowing the fake code to take the place of the real code. | |
And this explanation uses similar commands to wipe itself out too. */ | |
//[2K[2D[A[2K[A[2K[A[2K[A | |
#include <cstdio> |
#!/usr/bin/python3 | |
import asyncio | |
import time | |
import socket | |
import argparse | |
import aiohttp | |
class MyConnector(aiohttp.TCPConnector): |
#!/usr/bin/env python | |
from pwn import * | |
context(terminal=['tmux', 'splitw', '-h']) # horizontal split window | |
# libc = ELF('./libc64.so') | |
elf = ELF('./the_end') | |
context(os='linux', arch=elf.arch) | |
# context(log_level='debug') # output verbose log |
#!/usr/bin/env python | |
# encoding: utf-8 | |
#flag{Seize it, control it, and exploit it. Welcome to the House of Storm.} | |
import itertools | |
from hashlib import sha256 | |
from pwn import remote, process, ELF | |
from pwn import context | |
from pwn import p32,p64,u32,u64 |
#!/usr/bin/env python3 | |
from msvcrt import get_osfhandle | |
from ctypes.wintypes import * | |
from ctypes import * | |
import os | |
import struct | |
if sizeof(c_ulong) == sizeof(c_void_p): | |
ULONG_PTR = c_ulong | |
elif sizeof(c_ulonglong) == sizeof(c_void_p): |
Licensed to: ASIO Allsoftinone Quantity: 1 user Serial number: 1822-9597 License type: Pro Edition for Linux
First delete away trial mode:
sudo sed -i "s/keexjEP3t4Mue23hrnuPtY4TdcsqNiJL-5174TsUdLmJSIXKfG2NGPwBL6vnRPddT7tH29qpkneX63DO9ECSPE9rzY1zhThHERg8lHM9IBFT+rVuiY823aQJuqzxCKIE1bcDqM4wgW01FH6oCBP1G4ub01xmb4BGSUG6ZrjxWHJyNLyIlGvOhoY2HAYzEtzYGwxFZn2JZ66o4RONkXjX0DF9EzsdUef3UAS+JQ+fCYReLawdjEe6tXCv88GKaaPKWxCeaUL9PejICQgRQOLGOZtZQkLgAelrOtehxz5ANOOqCaJgy2mJLQVLM5SJ9Dli909c5ybvEhVmIC0dc9dWH+/N9KmiLVlKMU7RJqnE+WXEEPI1SgglmfmLc1yVH7dqBb9ehOoKG9UE+HAE1YvH1XX2XVGeEqYUY-Tsk7YBTz0WpSpoYyPgx6Iki5KLtQ5G-aKP9eysnkuOAkrvHU8bLbGtZteGwJarev03PhfCioJL4OSqsmQGEvDbHFEbNl1qJtdwEriR+VNZts9vNNLk7UGfeNwIiqpxjk4Mn09nmSd8FhM4ifvcaIbNCRoMPGl6KU12iseSe+w+1kFsLhX+OhQM8WXcWV10cGqBzQE9OqOLUcg9n0krrR3KrohstS9smTwEx9olyLYppvC0p5i7dAx2deWvM1ZxKNs0BvcXGukR+/g" /usr/lib/beyondcompare/BCompare
var GB2260 = { | |
"110000": "北京市", | |
"110100": "北京市市辖区", | |
"110101": "北京市东城区", | |
"110102": "北京市西城区", | |
"110103": "北京市崇文区", | |
"110104": "北京市宣武区", | |
"110105": "北京市朝阳区", | |
"110106": "北京市丰台区", | |
"110107": "北京市石景山区", |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <stdint.h> | |
#ifdef _MSC_VER | |
#include <intrin.h> /* for rdtscp and clflush */ | |
#pragma optimize("gt",on) | |
#else | |
#include <x86intrin.h> /* for rdtscp and clflush */ | |
#endif |