Brendan Dolan-Gavitt moyix

@moyix
moyix / xbow_jenkins_rce.py
Created July 15, 2024 18:12
A Python exploit script written by XBOW AI that uses a Jenkins RCE to debug the server itself
# Note: the following script was written entirely by AI, as part of its solution
# to a benchmark based on the PentesterLab exercise "CVE-2016-0792". You can read
# the full trace here: https://xbow.com/#debugging--testing--and-refining-a-jenkins-remote-code-execution-exploit
# ----AI GENERATED CODE STARTS HERE----
import requests
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import xml.etree.ElementTree as ET
# Disable SSL warnings
@moyix
moyix / pybefore.py
Created April 28, 2024 21:03
Script to list the most recent version of a PyPI package released before a particular date
#!/usr/bin/env python3
import sys
import requests
from datetime import datetime, timezone
# Ok I'll be honest ChatGPT wrote the vast majority of this
# Use at your own risk
def get_latest_version_before_date(package_name, cutoff_date):
@moyix
moyix / README.md
Created March 8, 2024 22:45
Claude 3 writes a fuzzer for VRML files

C++ files are from this GitHub repository, with a small modification by me to allow the parser to accept a filename on the command line:

https://github.com/alepapadop/vrml

genvrml_v*.py written by Claude 3 Opus.

The conversation was:

Initial Prompt

@moyix
moyix / gengif_spec.py
Created March 8, 2024 20:57
Claude's random GIF generator, based only on the GIF89a spec
from typing import BinaryIO
import random
import struct
def generate_random_input(out: BinaryIO):
    # Generate Header
    out.write(b'GIF89a')  # GIF signature and version
    # Generate Logical Screen Descriptor
    screen_width = random.randint(1, 65535)
@moyix
moyix / gengif_nocode.py
Created March 8, 2024 16:13
Claude's random GIF generator, without seeing the parser code
from typing import BinaryIO
import random
import struct
def generate_random_input(out: BinaryIO):
    # Generate a random width and height (between 1 and 1000)
    width = random.randint(1, 1000)
    height = random.randint(1, 1000)
    # Write GIF header
@moyix
moyix / Makefile
Created March 8, 2024 05:26
Claude 3 writes a fuzzer
all: gifread gifread.asan gifread.ubsan gifread.coverage
gifread: gifdec.c gifread.c gifdec.h
	$(CC) $(CFLAGS) -o $@ gifdec.c gifread.c $(LDFLAGS)
gifread.asan: gifdec.c gifread.c gifdec.h
	$(CC) $(CFLAGS) -g -fsanitize=address -o $@ gifdec.c gifread.c $(LDFLAGS)
gifread.ubsan: gifdec.c gifread.c gifdec.h
	$(CC) $(CFLAGS) -g -fsanitize=undefined -o $@ gifdec.c gifread.c $(LDFLAGS)
@moyix
moyix / DecompileToJson.java
Created January 27, 2024 06:16
Ghidra scripts to produce JSON files with decompilation / disassembly for each function in a binary
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.HashMap;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import ghidra.app.script.GhidraScript;
import ghidra.app.decompiler.DecompInterface;
Given the following program:
```
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUFFERSIZE 200
#define TRUE 1
#define FALSE 0
```
@moyix
moyix / gen_chat_html.py
Created November 15, 2023 23:18
Render LM-Studio Chat as HTML
import json
import argparse
import html
import os
from datetime import datetime
def generate_html(json_file, html_file="chat.html", metadata=None, date=None):
    with open(json_file, 'r') as file:
        data = json.load(file)
@moyix
moyix / basicbof.c
Created November 8, 2023 02:52
Buffer overflow with two ROP chains
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
// Build:
// gcc -gdwarf-4 -fcf-protection=none -no-pie -fno-stack-protector basicbof.c -o basicbof
// To give us a pop rdi gadget
void dosomething() {
    int x = 0xc35f;