Souhail Hammou SouhailHammou
SouhailHammou
/ Avtr_ThreadProc.c
Created
March 28, 2017 18:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DWORD WINAPI Avtr_ThreadProc( pavtr_listelem Elem ) | |
| { | |
| if ( !Elem ) | |
| return 1; | |
| if ( Elem->technique == 0x80000000 ) | |
| { | |
| if ( Avtr_getKernelRoutines() ) | |
| { | |
| int priv_value = Elem->privilege_value; | |
| if ( ! --priv_value ) //1 => ordinary user |
SouhailHammou
/ Avtr_dllmain.c
Created
March 28, 2017 18:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*2nd level dropper : DLL main function*/ | |
| { | |
| /*[...]*/ | |
| pavtr_listelem Elem = gList; | |
| while ( Elem != NULL ) | |
| { | |
| HANDLE hThread = CreateThread(NULL,NULL,Avtr_ThreadProc,Elem,0); | |
| if ( ! hThread ) | |
| break; |
SouhailHammou
/ ndh2017_step4.py
Last active
May 15, 2023 17:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from idc import * | |
| from ctypes import c_uint32 | |
| def bruteforce_word(dword1,dword2): | |
| for i in range(0,256) : | |
| for j in range(0,256) : | |
| k = 0 | |
| result = c_uint32(0xffffffff) | |
| while k < 2 : | |
| if k == 0 : |
OlderNewer