summaryrefslogtreecommitdiffstats
path: root/templates (follow)
AgeCommit message (Collapse)AuthorFilesLines
2022-02-27shellcode: Initialize envp to NULLMalfurious2-0/+2
This issue was discovered a while back, during one of the CTFs, and was particularly a problem with the 32-bit shellcode. Because the third kernel argument register was not being set by the payload, we would essentially pass garbage. I'm only committing this now, as I've recently been able to reproduce the related failure and demonstrate this patch working. I never actually observed the 64-bit shellcode fail for this reason on a target, but it is also patched for correctness. Argument 3 to execve() is the environment pointer, a pointer to array of strings to define the process's environment variables. Although this argument should point to an empty array (ptr to NULL) if empty, Linux allows the pointer itself to be NULL in this case - thus the xor of the register. Signed-off-by: Malfurious <m@lfurio.us>
2021-11-28Commit notes from Killer Queen CTF 2021Malfurious1-0/+55
Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22Add Makefile for shellcode templatesMalfurious1-0/+17
The shell*.asm files are considered the default programs and the expected use-case for utilizing the templates is to edit these files to implement the desired shellcode. I figure that literal shellcode makes the most sense of what to expect by default. 'make all' will assemble and link the shellcode (so it can actually be directly executed via the output elf files), and feed the disassembly into shelltool for use elsewhere. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22Refactor genhex into shelltoolMalfurious1-0/+30
For convenience, I've rewritten my old shellcode parser program in Python. It is moved to the shellcode templates dir and renamed to shelltool. As a new feature, shelltool will now check the result for NULL bytes and newline bytes that may cause problems in an exploit. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22Add sys_exit shellcode templatesMalfurious2-0/+16
Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22Add generic /bin/sh shellcode templatesMalfurious2-0/+29
Signed-off-by: Malfurious <m@lfurio.us>
2021-08-11Commit PHP request logging scriptMalfurious1-0/+49
Taken from github, see comment in file. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-10Commit brainfuck toolsMalfurious1-0/+1
The foremost tool in this collection is the brainfuck debugger. It was written to assist with the 'boring flag checker' problem from RaRCTF 2021, but has good potential for general-purpose use. The compiler and decompiler are much more niche, given brainfuck is not typically a compiled language. They are from the same CTF and, although highly problem-specific, are kept around for posterity. A hello world program is saved under templates as a quick sanity check for the tools as well as for reference purposes, should it become useful. Signed-off-by: Malfurious <m@lfurio.us>
2021-08-01Adding Various Small Toolsdusoleil1-0/+35
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
2021-08-01Rename automation directory to templatesMalfurious1-0/+176
Signed-off-by: Malfurious <m@lfurio.us>
cgit-1.2.3-r5 | srcnode v0.4.0