Pwnshop

Exploit Development, Reverse Engineering & Cryptography

Install / Use

/learn @alanvivona/Pwnshop

Reverse Engineering, Exploitation & Crypto.

Check out my blog, follow me on Twitter and YouTube!

Contents:

  • Reverse engineering a simple crackme called “Just see”: writeup

  • Reverse engineering a level 1 crackme "Easy_firstCrackme-by-D4RK_FL0W": writeup

  • Utility - Object/Executable file to shellcode converter script: code

  • Utility - Assembly and link script : code

  • Utility - Shellcode testing skeleton generator : code

  • Utility - GDB python script template : code

  • Exit syscall asm: code

  • Write syscall "Hello world!": code

  • Execve shellcode (dynamic addressing) code

  • Ret2libc exploit for protostar stack6 challenge : code

  • Exploit for protostar stack7 challenge (Smallest ROP chain): code

  • Exploit for VUPlayer 2.49 (no DEP) local buffer overflow: code, writeup

  • Execve shellcode (stack method) : code

  • Execve shellcode using RIP relative addressing code

  • Password Protected Bind Shell (Linux/x64) code, writeup

  • Password Protected Reverse Shell (Linux/x64) code, writeup, Featured in the 1st number of Paged-Out

  • XANAX - A custom shellcode encoder written in assembly :

  • A more generic (and somewhat extensible) encoder skeleton written in Go code

  • Gocryper : A custom AES shellcode crypter written in Go code, writeup

  • A basic Polymorphic Engine written in Go code, writeup

  • Egg-hunter shellcode (Linux/x64) code, writeup

  • Password Protected Reverse Shell (Linux/ARMv6)

  • MalwareTech's String Challenges crackmes: writeup

  • MalwareTech's Shellcode Challenges crackmes: writeup

  • DEFCON Quals 2019 : Speedrun-001 exploit (Stack-based bof + ROP): code

  • Solution for the crackme "Crackme2-be-D4RK_FL0W" writeup

  • Solution for the crackme "Crack3-by-D4RK_FL0W" :

    • Option 1 - Using r2 macros to extract the PIN: code
    • Option 2 - Using GEF and unicorn-engine emulation to bruteforce the PIN: code
    • Blog post exploring both options: writeup
  • Utility - r2frida Cheatsheet: writeup

  • Solution for the crackme "alien_bin" writeup

  • Automated solutions for the crackme "mexican": writeup, script solution 1: carving, script solution 2: patching

  • Writeup for the crackme "crackme_by_coulomb" (.net): writeup

  • Writeup for the crackme "shadows_registerme" (.net): writeup

  • Writeup for the crackme "removemytrial_by_coulomb" (.net): writeup

  • Writeup for the crackme "Get The Password": writeup, code (keygen)

  • Cryptopals Solutions: Set 1, Challenge 1. "Convert hex to base64": code

  • Cryptopals Solutions: Set 1, Challenge 2. "Fixed XOR": code

  • Cryptopals Solutions: Set 1, Challenge 3. "Single-byte XOR cipher": code

  • Cryptopals Solutions: Set 1, Challenge 4. "Detect single-character XOR": code

  • Cryptopals Solutions: Set 1, Challenge 5. "Implement repeating-key XOR": code

  • Cryptopals Solutions: Set 1, Challenge 6. "Break repeating-key XOR": code

  • Cryptopals Solutions: Set 1, Challenge 7. "AES in ECB mode": code

  • Cryptopals Solutions: Set 1, Challenge 8. "Detect AES in ECB mode": code

  • Cryptopals Solutions: Set 2, Challenge 9. "Implement PKCS#7 padding": code

  • Cryptopals Solutions: Set 2, Challenge 15. "PKCS#7 padding validation": code

Useful links:

Tools:

A non-exhaustive list of tools

GitHub Stars: 256
Category: Development
Updated: 25d ago
Forks: 48

Languages

Python

Security Score

85/100

Audited on Mar 1, 2026

No findings