In IDAPython,
execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
tandasat
/ dump_vmcs.js
Last active
November 28, 2023 19:09
Deprecated: see https://github.com/tandasat/hvext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| // This script implements the !dump_vmcs command that displays values of the all | |
| // fields in the current VMCS. The processor must be in VMX-root operation with | |
| // an active VMCS. | |
| // | |
| // As a reference, there are some other implementations of the same concept. The | |
| // author is now aware of those two at least. Check them out as it may fit your | |
| // need better. | |
| // - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (Windbg JavaScript) |
masthoon
/ appjaillauncher_exploit.cpp
Last active
November 29, 2023 14:07
AppJailLauncher console escape
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define UNICODE | |
| #define _UNICODE | |
| #include <iostream> | |
| #include <string> | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <fstream> | |
| #pragma comment(lib, "ntdll.lib") | |
| #pragma comment(lib, "Psapi") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| MiniPoc for console buffer security bypass | |
| Instructions | |
| - Compile with x64 Native Tools Command Prompt for VS 2019 | |
| * cl /Zi /std:c++latest minipoc.cpp | |
| - Copy executable and apply Low Integrity directly to the file | |
| * copy minipoc.exe minipoclow.exe | |
| * icacls minipoclow.exe /setintegritylevel Low | |
| (/Zi for pdb generation) |
testanull
/ PoC_CVE-2021–31474.json
Created
May 25, 2021 10:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/Action/TestAction HTTP/1.1 | |
| Host: <target> | |
| Content-Length: 3978 | |
| Accept: application/json, text/javascript, */*; q=0.01 | |
| X-XSRF-TOKEN: <token> | |
| X-Requested-With: XMLHttpRequest | |
| ViewLimitationID: 0 | |
| User-Agent: Mozilla/5.0 | |
| Content-Type: application/json; charset=UTF-8 | |
| Cookie: <cookie> |
roycewilliams
/ descrypt-admin-allsalts.txt
Created
August 13, 2020 15:33
descrypt-admin-allsalts.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All possible descrypt hashes of the password 'admin', using all possible salts. | |
| # From https://github.com/roycewilliams/kens-salty-rainbow | |
| # If you find a device that always uses one of these, let me know. | |
| ..xpoEyRReGzk | |
| ./nlIXYriZaB2 | |
| .08iPeaCLti3E | |
| .1fH80ykoJAyI | |
| .23PstrXfk7Nw | |
| .37vRhjo4ZP66 | |
| .4nTonCOGSWyU |
rpw
/ extract_gnu_debugdata_for_ida.sh
Created
June 21, 2020 10:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # quick and dirty bash script to extract .gnu_debugdata section | |
| # from ELF binaries to generate an IDC script that adds these | |
| # names as symbols | |
| # --rpw, 2020-06-21 | |
| SYMBOLFILE=debugdata_symbols.elf | |
| if [ $# -lt 1 ]; then | |
| echo "you need to supply a path to a binary" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ctypes import c_ssize_t, c_void_p, c_int, c_void_p, create_string_buffer, cast, WINFUNCTYPE, CFUNCTYPE, windll, cdll, CDLL | |
| from PyQt5.QtCore import Qt, QTimer, QObject | |
| from PyQt5.QtGui import QResizeEvent, QFocusEvent | |
| from PyQt5.QtWidgets import QWidget, QDialog, QDialogButtonBox, QPushButton, qApp | |
| import os | |
| import sys | |
| import idaapi | |
| import idc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
romanking98
/ House_of_Roman.md
Last active
February 9, 2024 04:21
- Disclamair
- House Of Roman
------> 2.1 Assumptions
------> 2.2 Protections
------> 2.3 Quick Walkthrough
------> 2.4 Setting the FD to malloc_hook
------> 2.5 Fixing the 0x71 freelist
------> 2.6 Unsorted Bin attack on malloc_hook
NewerOlder