Lays L4ys

## WCTF_2018_searchme_exploit.cpp
// WCTF 2018 "searchme" task exploit
//
// Author:    Mateusz "j00ru" Jurczyk
// Date:      6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also:  https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>

## mostly_painless_cuckoo_sandbox_install.md

      
              1 file
            
          
              16 forks
            
          
              13 comments
            
          
              79 stars
            
          
                7MinSec
                / mostly_painless_cuckoo_sandbox_install.md
            
            
              Last active
              July 21, 2022 02:27
            
              
                Mostly painless Cuckoo Sandbox install
              
          
    How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way.  I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso
Build your Linux Cuckoo VM


Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:


100GB hard drive
2 procs
8 gigs of RAM


## admin.py
from django.contrib import admin
from .models import User

admin.site.register([User])

## download_pdb_database.py
import os
import re
import sys
import logging
import argparse
import subprocess

import requests


## spectre.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

## textile.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              8 stars
            
          
                pzread
                / textile.md
            
            
              Last active
              October 22, 2022 13:13
            
          
    天衣無縫 ~ Fantastic Seamless Textile ~

When executing a ELF binary, Linux kernel will pass the memory address of PHDR(program header) to userspace by AT_PHDR entry of AUXV.
ld.so interpreter will parse the PHDR structure at memory addressAT_PHDR and resolve more ELF structures, such as dynamic section.
But Linux kernel wrongly calculate the PHDR address in memory.
NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);


## SystemCMD.cpp
#include "stdafx.h"
#include <windows.h>
#include <Winbase.h>
#include <Wtsapi32.h>
#include <Userenv.h>
#include <malloc.h>

#pragma comment(lib, "Wtsapi32.lib")
#pragma comment(lib, "Userenv.lib")

## README.md

      
              1 file
            
          
              23 forks
            
          
              9 comments
            
          
              277 stars
            
          
                kerryboyko
                / README.md
            
            
              Last active
              April 26, 2023 16:08
            
              
                VueJS Best Practices Guide
              
          
    Deverus Vue.js Style Guide

Guide for developing Vue.js applications.

v. 0.0.1

Vue.js is an amazing framework, which can be as powerful as Angular or React, the two big heavy hitters in the world of front-end frameworks.
However, most of Vue's ease-of-use is due to the use of Observables - a pattern that triggers re-renders and other function calls with the reassignment of a variable.

  
## main.c
// Original source link https://twitter.com/hFireF0X/status/887930221466443776
// If you are here from any other link - do know that they just steal original info without giving any credit to source
// This bug has been fixed in 16273 public build.
#include "global.h"

HINSTANCE  g_hInstance;
HANDLE     g_ConOut = NULL;
BOOL       g_ConsoleOutput = FALSE;
WCHAR      g_BE = 0xFEFF;

## test.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""
	// WCTF 2018 "searchme" task exploit
	//
	// Author: Mateusz "j00ru" Jurczyk
	// Date: 6 July 2018
	// Tested on: Windows 10 1803 (10.0.17134.165)
	//
	// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
	#include <Windows.h>
	#include <winternl.h>
	#include <ntstatus.h>
	from django.contrib import admin
	from .models import User

	admin.site.register([User])
	import os
	import re
	import sys
	import logging
	import argparse
	import subprocess

	import requests
	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#ifdef _MSC_VER
	#include <intrin.h> /* for rdtscp and clflush */
	#pragma optimize("gt",on)
	#else
	#include <x86intrin.h> /* for rdtscp and clflush */
	#endif
	#include "stdafx.h"
	#include <windows.h>
	#include <Winbase.h>
	#include <Wtsapi32.h>
	#include <Userenv.h>
	#include <malloc.h>

	#pragma comment(lib, "Wtsapi32.lib")
	#pragma comment(lib, "Userenv.lib")
	// Original source link https://twitter.com/hFireF0X/status/887930221466443776
	// If you are here from any other link - do know that they just steal original info without giving any credit to source
	// This bug has been fixed in 16273 public build.
	#include "global.h"

	HINSTANCE g_hInstance;
	HANDLE g_ConOut = NULL;
	BOOL g_ConsoleOutput = FALSE;
	WCHAR g_BE = 0xFEFF;
	Windows Registry Editor Version 5.00

	[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	@="Rundll32.exe SHELL32.DLL,ShellExec_RunDLL \"C:\\ProgramData\\test.exe\""