This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python3 | |
''' | |
Needs Requests (pip3 install requests) | |
Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# encoding: utf-8 | |
def hash_djb2(s): | |
hash = 5381 | |
for x in s: | |
hash = (( hash << 5) + hash) + ord(x) | |
return hash & 0xFFFFFFFF | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------------------------- | |
<WinProcess "smss.exe" pid 368 at 0x5306908L> | |
64 | |
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000 | |
-------------------------------------------------------------------------------- | |
<WinProcess "csrss.exe" pid 472 at 0x5306e48L> | |
64 | |
Interfaces : | |
Endpoints : |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define _CRT_SECURE_NO_WARNINGS | |
#include <iostream> | |
#include <windows.h> | |
#include <psapi.h> | |
typedef struct _PS_ATTRIBUTE { | |
ULONG Attribute; | |
SIZE_T Size; | |
union { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// memBruteforce.cpp by aaaddress1@chroot.org | |
// brute search loaded moudules in memory | |
// rewrite from https://www.exploit-db.com/exploits/45293 | |
#include <Windows.h> | |
#include <iostream> | |
#pragma warning(disable:4996) | |
bool isMemExist(size_t addr) { | |
int retv; | |
__asm { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <Windows.h> | |
LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
typedef VOID(__stdcall* Shellcode)(); | |
LPBYTE ShellcodeBuffer; | |
ULONG_PTR PreviousOffset; | |
ULONG_PTR CurrentOffset; | |
ULONGLONG InstructionCount; | |
DWORD dwOld; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Disable Windows Defender | |
# From https://github.com/jeremybeaume/tools/blob/master/disable-defender.ps1 | |
<# | |
Options : | |
-Delete : delete the defender related files (services, drivers, executables, ....) | |
Source : https://bidouillesecurity.com/disable-windows-defender-in-powershell |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdint.h> | |
#include <stdbool.h> | |
#include <stdio.h> | |
#include <sal.h> | |
#include <assert.h> | |
#ifdef _X86_ | |
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics." | |
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
================================ Compile as a .Net DLL ============================== | |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
*/ | |
using System.Windows.Forms; | |
namespace TestNamespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# This script needs mingw installed | |
# Convert a .rc resource script input file to a .res binary resource output file | |
x86_64-w64-mingw32-windres -J rc -i Resource.rc -O res -o Resource.res | |
# Convert a .res binary resource input file to a COFF object output file | |
x86_64-w64-mingw32-windres -J res -i Resource.res -O coff -o Resource.o |