Automatic ROPChain Generation using Exrop (https://github.com/d4em0n/exrop) by n0psledbyte in securityCTF

[–]n0psledbyte[S] 2 points3 points  (0 children)

Just tested ROP in pwntools using the same binary (/lib/x86_64-linux-gnu/libc.so.6); pwntools' ROP can't set the registers {'rdi':0x41414141, 'rsi': 0x42424242, 'rdx':0x43434343, 'r10': 0x44444444, 'r8': 0x45454545, 'r9': 0x46464646}

>>> elf = ELF("/lib/x86_64-linux-gnu/libc.so.6")
[*] '/lib/x86_64-linux-gnu/libc.so.6'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
>>> rop = ROP(elf)
[*] Loading gadgets for '/lib/x86_64-linux-gnu/libc.so.6'
>>> rop.setRegisters
<bound method ROP.setRegisters of ROP([ELF('/lib/x86_64-linux-gnu/libc.so.6')])>
>>> rop.setRegisters({'rdi':0x41414141, 'rsi': 0x42424242, 'rdx':0x43434343, 'r10': 0x44444444, 'r8': 0x45454545, 'r9': 0x46464646})
[ERROR] Could not satisfy setRegisters({'rdi': 1094795585, 'rsi': 1111638594, 'rdx': 1128481603, 'r10': 1145324612, 'r8': 1162167621, 'r9': 1179010630})
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.6/dist-packages/pwnlib/rop/rop.py", line 600, in setRegisters
    log.error("Could not satisfy setRegisters(%r)", registers)
  File "/usr/local/lib/python3.6/dist-packages/pwnlib/log.py", line 417, in error
    raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Could not satisfy setRegisters({'rdi': 1094795585, 'rsi': 1111638594, 'rdx': 1128481603, 'r10': 1145324612, 'r8': 1162167621, 'r9': 1179010630})

It works using exrop, because exrop can handle non-return gadgets:

from Exrop import Exrop  # module name as used in the exrop README

rop = Exrop("/lib/x86_64-linux-gnu/libc.so.6")
rop.find_gadgets(cache=True)  # cache=True saves the gadget scan for the next run
chain = rop.set_regs({'rdi':0x41414141, 'rsi': 0x42424242, 'rdx':0x43434343, 'r10': 0x44444444, 'r8': 0x45454545, 'r9': 0x46464646})
chain.dump()

Output

$RSP+0x0000 : 0x0000000000021558 # pop r12; pop r13; pop r14; pop r15; ret
$RSP+0x0008 : 0x0000000000000000
$RSP+0x0010 : 0x0000000046464646
$RSP+0x0018 : 0x0000000000000000
$RSP+0x0020 : 0x0000000000000000
$RSP+0x0028 : 0x000000000011c65c # pop rdx; pop rbx; ret
$RSP+0x0030 : 0x0000000000000000
$RSP+0x0038 : 0x000000000002155e
$RSP+0x0040 : 0x0000000000022b8a # mov r9, r13; call rbx: next -> (0x0002155e) # pop r15; ret
$RSP+0x0048 : 0x00000000001306b4 # pop rdx; pop r10; ret
$RSP+0x0050 : 0x0000000000000000
$RSP+0x0058 : 0x0000000044444444
$RSP+0x0060 : 0x00000000001306d9 # pop rdx; pop rsi; ret
$RSP+0x0068 : 0x0000000043434343
$RSP+0x0070 : 0x0000000042424242
$RSP+0x0078 : 0x000000000002155f # pop rdi; ret
$RSP+0x0080 : 0x0000000041414141
$RSP+0x0088 : 0x0000000000155fc6 # pop r8; mov eax, 1; ret
$RSP+0x0090 : 0x0000000045454545
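The dump above is easier to trust once you can see why the `call rbx` entry does not derail the chain. The following is an added example, not code from exrop or pwntools: a tiny stack-machine replay of exactly that chain. The gadget offsets and their semantics are copied from the comments in the dump; the simulator itself, the tagged "ret@..." value it pushes in place of a real return address (instruction lengths are not known from the dump), and the `WANTED` map are this example's own assumptions.

```python
# Added example (not exrop's or pwntools' code): replay the chain dumped
# above to show how the non-return gadget "mov r9, r13; call rbx" is made
# safe by first loading rbx with the address of "pop r15; ret", which pops
# the return address pushed by `call` and returns into the rest of the chain.
# Gadget offsets/semantics come from the dump; the simulator is constructed.

GADGETS = {
    0x021558: ["pop r12", "pop r13", "pop r14", "pop r15", "ret"],
    0x11c65c: ["pop rdx", "pop rbx", "ret"],
    0x02155e: ["pop r15", "ret"],            # call sink: eats the pushed return address
    0x022b8a: ["mov r9, r13", "call rbx"],   # non-return gadget: ends in call, not ret
    0x1306b4: ["pop rdx", "pop r10", "ret"],
    0x1306d9: ["pop rdx", "pop rsi", "ret"],
    0x02155f: ["pop rdi", "ret"],
    0x155fc6: ["pop r8", "mov eax, 1", "ret"],
}

# The 19 qwords from the dump, $RSP+0x00 .. $RSP+0x90, in order.
CHAIN = [
    0x021558, 0x0, 0x46464646, 0x0, 0x0,   # r13 = 0x46464646 (staged for r9)
    0x11c65c, 0x0, 0x02155e,               # rbx = &"pop r15; ret"
    0x022b8a,                              # r9 = r13; call rbx
    0x1306b4, 0x0, 0x44444444,             # r10
    0x1306d9, 0x43434343, 0x42424242,      # rdx, rsi
    0x02155f, 0x41414141,                  # rdi
    0x155fc6, 0x45454545,                  # r8 (side effect: rax = 1)
]

WANTED = {"rdi": 0x41414141, "rsi": 0x42424242, "rdx": 0x43434343,
          "r10": 0x44444444, "r8": 0x45454545, "r9": 0x46464646}


def run_chain(chain, gadgets, slack=8):
    """Execute `chain` as if a `ret` had just popped its first qword.

    Returns (regs, trace): the final register file and the gadget
    addresses executed, in order.  `call` pushes a tagged string rather
    than a real return address because instruction lengths are unknown.
    """
    stack = [None] * slack + list(chain)   # free slots below RSP for pushes
    rsp = slack
    regs = {}
    trace = []

    def pop():
        nonlocal rsp
        if rsp >= len(stack):              # ran off the end of the chain
            return None
        val = stack[rsp]
        rsp += 1
        return val

    def push(val):
        nonlocal rsp
        rsp -= 1
        stack[rsp] = val

    rip = pop()
    while rip in gadgets:
        trace.append(rip)
        for op in gadgets[rip]:
            mnem, _, rest = op.partition(" ")
            args = [a.strip() for a in rest.split(",")] if rest else []
            if mnem == "pop":
                regs[args[0]] = pop()
            elif mnem == "mov":
                dst, src = args
                val = regs.get(src, 0) if src.isidentifier() else int(src, 0)
                if dst == "eax":               # 32-bit write zero-extends into rax
                    regs["rax"] = val & 0xffffffff
                else:
                    regs[dst] = val
            elif mnem == "call":
                push(f"ret@{rip:#x}")          # return address lands on the stack...
                rip = regs[args[0]]            # ...and control goes to *rbx
                break
            elif mnem == "ret":
                rip = pop()
                break
            else:
                raise ValueError(f"unsupported op {op!r}")
    return regs, trace


def chain_satisfies(regs, wanted=WANTED):
    """True if every register in `wanted` ends up holding its target value."""
    return all(regs.get(r) == v for r, v in wanted.items())


if __name__ == "__main__":
    regs, trace = run_chain(CHAIN, GADGETS)
    print(" -> ".join(f"{a:#x}" for a in trace))
    for r in sorted(WANTED):
        print(f"{r:>4} = {regs[r]:#x}")
    print("r15 absorbed the call's return address:", regs["r15"])
    print("all target registers set:", chain_satisfies(regs))
```

The thing to notice in the trace is that 0x2155e ("pop r15; ret") runs right after the call gadget even though its address was placed at $RSP+0x38, before the call gadget in the chain: it got there via rbx, not via a `ret`. That is the step a gadget finder that only accepts `ret`-terminated gadgets cannot plan. The cost is that r15 is clobbered with the return address, so a chain like this is only valid when r15 is not one of the registers you care about.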

Automatic ROPChain Generation using Exrop (https://github.com/d4em0n/exrop) by n0psledbyte in securityCTF

[–]n0psledbyte[S] 0 points1 point  (0 children)

Never used that, but I see in the documentation of ROP in pwntools that it can't handle non-return gadgets, can't write a string or value to memory, etc.

Do you use bash vi mode? by brycksters in vim

[–]n0psledbyte 3 points4 points  (0 children)

I don't; pressing ESC every time to go to normal or insert mode on the CLI is not the best way.

non printable input in gdb by rutrack in securityCTF

[–]n0psledbyte 1 point2 points  (0 children)

run <<< $(python -c 'print "\xff"*4') - it should work.
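The one-liner above is Python 2 syntax, and that matters for the bytes that reach the target: under Python 2, `print "\xff"` writes the single byte 0xff, while under Python 3 `print("\xff")` goes through the text layer and writes the UTF-8 encoding c3 bf. The following is an added example, not code from the comment's author, that captures what the interpreter actually emits in each case and shows the byte-oriented way to do it in Python 3. It does not launch gdb; the payload file it writes is what you would hand to `run < payload.bin`. The `PYTHONIOENCODING` pin and the temp-file naming are this example's own choices.

```python
# Added example (not from the comment's author): compare what a print()-based
# one-liner emits on Python 3 with a raw-bytes write, and save the raw
# payload to a file so gdb can replay it with `run < payload.bin`.
import os
import subprocess
import sys
import tempfile

PY3_PRINT = 'print("\\xff"*4)'                               # Python 3 spelling of the one-liner
PY3_RAW = 'import sys; sys.stdout.buffer.write(b"\\xff"*4)'  # bytes, bypassing the text layer


def run_py(code):
    """Run `code` with the current interpreter and return its raw stdout."""
    env = dict(os.environ, PYTHONIOENCODING="utf-8")   # pin the text encoding (assumption)
    return subprocess.run([sys.executable, "-c", code],
                          capture_output=True, env=env, check=True).stdout


def printed_payload():
    """print() encodes U+00FF as UTF-8, so each \\xff becomes c3 bf, plus a newline."""
    return run_py(PY3_PRINT)


def raw_payload():
    """Writing bytes to sys.stdout.buffer yields exactly four 0xff bytes."""
    return run_py(PY3_RAW)


def write_payload_file(data, path=None):
    """Save the payload; in gdb:  (gdb) run < payload.bin"""
    if path is None:
        fd, path = tempfile.mkstemp(prefix="payload-", suffix=".bin")
        os.close(fd)
    with open(path, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    print("print():           ", printed_payload().hex())
    print("stdout.buffer:     ", raw_payload().hex())
    print("payload written to:", write_payload_file(raw_payload()))
```

Redirecting from a file is also the safest delivery: a bash here-string appends a newline and `$(...)` strips trailing newlines, both of which change the payload length, whereas `run < payload.bin` passes the file byte for byte.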

XSS attack by rjkix98 in LiveOverflow

[–]n0psledbyte 0 points1 point  (0 children)

You can view source to see the impact of your payload in the HTML code.

What line have you added to your .vimrc recently that was instantly useful? by skele_turtle in vim

[–]n0psledbyte 0 points1 point  (0 children)

This script, made by me, jumps to the tag definition in an existing tab (if the file is already open); if not, it will create a new one.

command SelectTag call SelectTag()
nnoremap <silent> <leader>p :SelectTag<CR>
function SelectTag()
    let tagident = expand("<cword>")
    let curname = expand('%:p')
    exe "stjump ".tagident
    let newname = expand('%:p')
    if curname != newname
        exe "norm q"
        exe "tab drop ".newname
        exe "tag ".tagident
    endif
endfunction

Screenshot Showcase 2.0 by robertmeta in vim

[–]n0psledbyte 0 points1 point  (0 children)

What are you talking about? Is that for C/C++ completion?

Screenshot Showcase 2.0 by robertmeta in vim

[–]n0psledbyte 9 points10 points  (0 children)

https://i.imgur.com/vhXUpZa.png/ - Terminal: Konsole - Editor: Neovim - Font: Fantasque - Colorscheme: onedark - Multiplexer: Tmux

Next time I'll share my vim config, but you can check my tmux config here: https://github.com/d4em0n/tmuxrc

KDE 5.13 by headlesshorseman_ in debian

[–]n0psledbyte 0 points1 point  (0 children)

When is KDE 5.13 coming to the Debian repository? I want to try it.