💭
I may be slow to respond.

TheCjw TheCjw
// ==UserScript==
// @name ITPub downloader
// @author TheCjw
// @description test
// @namespace http://github.com/thecjw
// @updateURL
// @downloadURL
// @include http://www.itpub.net/*
// @version 1.03
// @require http://libs.useso.com/js/jquery/2.1.1/jquery.min.js
/*
* exception handling routines (xp 32-bit, partial/incomplete)
*
* ntdll 5.1.2600.5755
* v2 (updated jan 2011)
*
* - hawkes <hawkes@sota.gen.nz>
*
* useful link: http://www.eeye.com/html/resources/newsletters/vice/VI20060830.html
 */
typedef struct _LdrpVectorHandlerList {
    struct _LdrpVectorHandlerList *Prev;
    struct _LdrpVectorHandlerList *Next;
    DWORD Depth;
    PVECTORED_EXCEPTION_HANDLER VectoredHandler;
} VECTORED_HANDLER_LIST, *PVECTORED_HANDLER_LIST;
VECTORED_HANDLER_LIST LdrpVectorHandlerList[2];
BOOLEAN RtlpCallVectoredHandlers(PEXCEPTION_RECORD ExceptionRecord, PCONTEXT ContextRecord, BOOL flag) {
// ==UserScript==
// @name Bttiantang directly download.
// @author TheCjw
// @description //
// @namespace http://github.com/thecjw
// @updateURL
// @downloadURL
// @include http://www.bttiantang.com/subject/*
// @version 1.01
// @require http://libs.baidu.com/jquery/1.9.0/jquery.min.js

Adobe Shockwave - A case study on memory disclosure

via phrack

[TOC]

#1 - Introduction

These days, proper exploit development on the latest and greatest operating systems is a time-consuming task. It doesn't help matters that public resources to help individuals research techniques to achieve such ends are becoming scarce. There are many reasons why this is now the case. Mainly, techniques to bypass security mitigations have become a valuable commodity to various entities and as such are no longer released as often for public dissemination or to further one's reputation.

import idautils
import idc
import struct

def get_type1_xref(ea):
    # Walk the data cross-references to ea and return the first one whose
    # first two bytes at the referencing address are 0x78 0x44.
    for ref_ea in idautils.DataRefsTo(ea):
        # print idc.GetDisasm(ref_ea)
        if idc.Byte(ref_ea) == 0x78 and idc.Byte(ref_ea + 1) == 0x44:
            return ref_ea
    return None
{
  'variables': {
    'buildtype': 'Official',
  },
  'target_defaults': {
    'msvs_disabled_warnings': [4996, 4702, 4756, 4819],
  }
}
/*
* crash-issue1.c: Written for Mac OS X Yosemite (10.10) by @rpaleari and @joystick.
*
* Exploits a missing check in
* IOBluetoothHCIUserClient::DispatchHCICreateConnection() causing a panic.
*
* gcc -Wall -o crash-issue1{,.c} -framework IOKit
*/
#include <stdio.h>
#!/usr/bin/python2
#
# KL-001-2015-001 / MS14-070 / CVE-2014-4076
# Microsoft Windows Server 2003 x86 Tcpip.sys Privilege Escalation
# Matt Bergin @ KoreLogic / Level @ Smash the Stack
# shout out to bla
#
from optparse import OptionParser
from subprocess import Popen
from idaapi import *
from idc import *
from idautils import *
import sys
#Jared DeMott, labs.bromium.com
def error(e):
    print "Fatal error: ", e
    sys.exit(-1)