slipstream/RoL Wack0

Wack0 / cex_crypto.cs
Created May 23, 2017
Compaq/HP Recovery Media (c. late 1990s-early 2000s) .CEX File Decryptor
Compaq/HP Recovery Media (c. late 1990s-early 2000s) .CEX File Decryptor
another rrrring of lightningggg production by slipstream/RoL!
Yesterday I received in the post some Compaq recovery media I ordered from Yahoo! Auctions Japan to dump.
Having done that, I took a closer look at the disc images.
The recovery media came in two CDs: a boot CD ("COMPAQ Restore CD"), and an OS CD ("Compaq CD for Microsoft Windows
NT Workstation 4.0 Operating System").
Wack0 / mastostats.php
Last active Apr 19, 2017
CLI Mastodon network stats script. Uses Updates every 60 seconds.
// This class adapted from:
class Colors {
private static $foreground_colors = array(
Wack0 / blob10_pass.php
Created Jan 20, 2017
Blobby 10 password generation algorithm
// Blobby 10 zip-password generation algorithm.
foreach ($argv as $zip) {
$p = '[';
$firstchar = ord($zip[0]);
$whitelisted_zips = array(
View gist:25a155e9f7ecef46da180b55b7e87931

Setup: App: Unpacked + partially-deobfuscated:

Deobfuscated taskscheduler .xml string:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="">
Wack0 / SbpParse.cs
Created Jan 13, 2017
Secure Boot Policy parser
using System;
using System.IO;
using LipingShare.LCLib.Asn1Processor;
using System.Runtime.InteropServices;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
namespace SbpParse {
Wack0 / programmatic_poc.cs
Last active Dec 14, 2016
Command injection in MS' One Step / DPLauncher / "Get ready for the Internet" application, for UAC / RCE through social engineering using MS signed exe / clickonce.
using System;
using System.Runtime.InteropServices;
class DPPwned {
public static extern int LaunchApplication([MarshalAs(UnmanagedType.LPWStr)] string deploymentUrl,int data,int flags);
public static void Main() {
Wack0 /
Last active Apr 21, 2016
AdwareROI MiTM certificates and private keys


AdwareROI is basically the world's shittiest MiTM malware ever.

It's being sold for $5.5k for one panel/binary, $16k for multiple panels/binaries, and probably ten times that if you want src too. That doesn't include the SSL MiTM functionality which is another $1k.

And.. as I said, it's shitty. The MiTM functionality relies on WinDivert, the SSL MiTM uses a custom component, which is (seriously!) called mitm_test_poc. And it uses a hardcoded CA cert and private key, that's installed with the other components.

So, what to do but disclose these as I obtain them?

Wack0 / ayy-oh-lmao.js
Last active Dec 8, 2015
AOL Desktop <= 9.8.1 FS Read/Write via MITM, <= 9.8.0 Remote Command Execution via MITM PoC
AOL Desktop <= 9.8.0 File Write and Remote Command Execution via MITM
AOL Desktop <= 9.8.1 File Write via MITM.
by slipstream/RoL, between August and December 2015. #rol ** ** twitter @TheWack0lian
The custom AOL protocol includes a scripting language called FDO91 (FDO) that's compiled into a bytecode.
Compiled FDO makes up part of the data sent from server to client and client to server.