Python scripts are often used to generate payloads for attacks, e.g. buffer overflows. Also, it is useful to send the payload to stdout, so that it can be redirected to the target process or, for different kinds of attacks, saved to a file. However, since Python 3 all strings (type str) are encoded in Unicode […]
Crosspost from Rants, Ideas, Stuff. 90% of the time I write my (or other people’s) exploits in Python. I try to structure my code in small easy to read methods. Like every developer does ;) Every exploit has at least one method which is called in a __name__ == ’__main__’ block, so it can be imported from […]
Due to the code listings and some blah, this write-up is quite lengthy. Prepare some coffee first. Deobfuscation The uranus service from iCTF 2013 (code) is a node.js service written by @kapravel which has to be deobfuscated. Using jsbeautifier.org we get a better look on the code: For more PITA, the authors used ternaries for […]
We will take part at this year’s Hack.LU CTF held again by the guys from FluxFingers. The CTF is challenge-based, requires no VPN, and there are also some nice prices to win! Hope to see you online at October 23–25!
Welcome to wizardsofdos.de. Prepare to be flooded with information (soon)!