Start Chrome with the following flags:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
--remote-debugging-port=9222
--remote-debugging-address=0.0.0.0
Ridter
/ test_dll.c
Created
April 11, 2024 16:46
— forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
Ridter
/ Generic keys
Created
December 26, 2023 02:14
— forked from h4x0r-dz/Generic keys
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k |
Ridter
/ macapp.go
Created
October 27, 2023 06:51
— forked from mholt/macapp.go
Distribute your Go program (or any single binary) as a native macOS application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Package main is a sample macOS-app-bundling program to demonstrate how to | |
| // automate the process described in this tutorial: | |
| // | |
| // https://medium.com/@mattholt/packaging-a-go-application-for-macos-f7084b00f6b5 | |
| // | |
| // Bundling the .app is the first thing it does, and creating the DMG is the | |
| // second. Making the DMG is optional, and is only done if you provide | |
| // the template DMG file, which you have to create beforehand. | |
| // | |
| // Example use: |
Ridter
/ Instructions.md
Created
June 20, 2023 02:36
— forked from NotMedic/Instructions.md
Headless Remote Chrome Debugging - Ichabod Chrome :)
Ridter
/ Pwn2Own2021MSExchangeExploit.py
Created
January 4, 2023 09:07
— forked from rskvp93/Pwn2Own2021MSExchangeExploit.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import re | |
| import xml.dom.minidom | |
| import json | |
| import uuid | |
| import struct | |
| import string | |
| import random | |
| import hashlib | |
| import time |
Ridter
/ examples.txt
Created
January 26, 2022 02:14
— forked from JohnLaTwC/examples.txt
comsvcs MiniDump examples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| By @JohnLaTwC | |
| References: | |
| https://risksense.com/blog/hidden-gems-in-windows-the-hunt-is-on/ by Jenna Magius and Nate Caroe (@RiskSense) | |
| https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/ | |
| https://twitter.com/SBousseaden/status/1407742041170268166 - Calling MiniDump export by ordinal examples: (comsvcs,#24) | |
| Detection Examples: | |
| "C:\Windows\System32\rundll32.exe" C:\Windows\System32\comsvcs.dll MiniDump <PID> \Windows\Temp\<filename>.dmp full |
Ridter
/ writeup.md
Created
January 1, 2022 03:12
— forked from loknop/writeup.md
Solving "includer's revenge" from hxp ctf 2021 without controlling any files
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.
Ridter
/ rwxHunter.cs
Created
November 8, 2021 08:55
— forked from nicholasmckinney/rwxHunter.cs
Locate a RWX Region in memory in InstallUtil.exe - Copy Shellcode Into It and Execute. Avoid VirtuallAlloc Call
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
Ridter
/ dfs_classloader.java
Created
June 18, 2021 07:55
— forked from fnmsd/dfs_classloader.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import java.io.PrintWriter; | |
| import java.lang.reflect.Field; | |
| import java.lang.reflect.InvocationTargetException; | |
| import java.lang.reflect.Method; | |
| import java.util.HashSet; | |
| import java.util.Scanner; |
Ridter
/ FindClass_final.java
Created
June 18, 2021 07:45
— forked from fnmsd/FindClass_final.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Author:fnmsd | |
| //Blog:https://blog.csdn.net/fnmsd | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.lang.reflect.Field; | |
| import java.util.HashSet; | |
| import java.util.Scanner; | |
| public class a { |
NewerOlder