In IDAPython,
# Load the cxxparser helper into the running IDAPython session so that
# parse_file() below is defined. execfile() is Python 2 only; NOTE(review):
# on a Python 3 IDAPython this call will not exist — confirm how the helper
# is loaded there.
execfile('<path>/cxxparser.py')
# Parse a C++ translation unit with the LuaJIT sources on the include path and
# the __NT__/__X64__/__EA64__ defines (the IDA SDK's Windows x64, 64-bit-EA
# platform macros) passed through as extra compiler flags.
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
# Parse a C file for a Linux x86-64 target triple; the flag list is presumably
# forwarded to a clang-style parser — verify against cxxparser.py.
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
"use strict"; | |
// This script implements the !dump_vmcs command, which displays the values of all
// fields in the current VMCS. The processor must be in VMX-root operation with
// an active VMCS.
// | |
// For reference, there are other implementations of the same concept; the
// author is currently aware of at least the two below. Check them out, as one
// may fit your needs better.
// - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (WinDbg JavaScript)
#define UNICODE | |
#define _UNICODE | |
#include <iostream> | |
#include <string> | |
#include <Windows.h> | |
#include <Psapi.h> | |
#include <fstream> | |
#pragma comment(lib, "ntdll.lib") | |
#pragma comment(lib, "Psapi") |
/* | |
MiniPoc for console buffer security bypass
Instructions
- Compile in the x64 Native Tools Command Prompt for VS 2019
  * cl /Zi /std:c++latest minipoc.cpp
- Copy the executable and apply the Low integrity level directly to the copied file
  * copy minipoc.exe minipoclow.exe
  * icacls minipoclow.exe /setintegritylevel Low
(/Zi for pdb generation)
POST /api/Action/TestAction HTTP/1.1 | |
Host: <target> | |
Content-Length: 3978 | |
Accept: application/json, text/javascript, */*; q=0.01 | |
X-XSRF-TOKEN: <token> | |
X-Requested-With: XMLHttpRequest | |
ViewLimitationID: 0 | |
User-Agent: Mozilla/5.0 | |
Content-Type: application/json; charset=UTF-8 | |
Cookie: <cookie> |
# All possible descrypt hashes of the password 'admin', using all possible salts. | |
# From https://github.com/roycewilliams/kens-salty-rainbow | |
# If you find a device that always uses one of these, let me know. | |
..xpoEyRReGzk | |
./nlIXYriZaB2 | |
.08iPeaCLti3E | |
.1fH80ykoJAyI | |
.23PstrXfk7Nw | |
.37vRhjo4ZP66 | |
.4nTonCOGSWyU |
#!/bin/bash | |
# Quick and dirty bash script that extracts the .gnu_debugdata section
# from ELF binaries and generates an IDC script that adds the names
# it contains as symbols.
# --rpw, 2020-06-21
SYMBOLFILE=debugdata_symbols.elf | |
if [ $# -lt 1 ]; then | |
echo "you need to supply a path to a binary" |
from ctypes import c_ssize_t, c_void_p, c_int, c_void_p, create_string_buffer, cast, WINFUNCTYPE, CFUNCTYPE, windll, cdll, CDLL | |
from PyQt5.QtCore import Qt, QTimer, QObject | |
from PyQt5.QtGui import QResizeEvent, QFocusEvent | |
from PyQt5.QtWidgets import QWidget, QDialog, QDialogButtonBox, QPushButton, qApp | |
import os | |
import sys | |
import idaapi | |
import idc |
// | |
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
// | |
// Copyright (c) 2018 Samuel Groß | |
// | |
// |