Skip to content

Instantly share code, notes, and snippets.

View elnx's full-sized avatar
🖖
What's happening?

elnx

🖖
What's happening?
194 followers · 1.4k following
  • /dev/null
View GitHub Profile
@ErikAugust
ErikAugust / spectre.c
Last active April 15, 2024 13:55
Spectre example code
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif
@namazso
namazso / pdb_parser_lite.cpp
Created April 18, 2018 17:49
A lightweight PDB parser that retrieves type and symbol CodeView streams.
/* MIT License
*
* Copyright (c) namazso 2018
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
@tangrs
tangrs / bin2elf.sh
Last active April 15, 2024 02:34
Convert a memory dump/raw binary image into an ELF file
#!/bin/sh
# Convert a raw binary image into an ELF file suitable for loading into a disassembler
cat > raw$$.ld <<EOF
SECTIONS
{
EOF
echo " . = $3;" >> raw$$.ld
@klzgrad
klzgrad / Naive-VPN.md
Created November 17, 2014 00:43
朴素VPN:一个纯内核级静态隧道

朴素VPN:一个纯内核级静态隧道

由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

@saelo
saelo / pwn.js
Created May 6, 2018 16:12
Exploit for the "roll a d8" challenge of PlaidCTF 2018
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down do "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
@Jinmo
Jinmo / _.md
Last active March 5, 2024 21:13
C/C++ header to IDA

Usage

In IDAPython,

execfile('<path>/cxxparser.py')
parse_file('<path>/a.cpp',[r'-I<path>\LuaJIT-2.0.5\src', '-D__NT__', '-D__X64__', '-D__EA64__'])
parse_file('<path>/malloc.c',['-target=x86_64-linux-gnu'])
@romanking98
romanking98 / House_of_Roman.md
Last active February 9, 2024 04:21
@masthoon
masthoon / convuln.cpp
Last active November 29, 2023 14:19
Console Input Buffer security
/*
MiniPoc for console buffer security bypass
Instructions
- Compile with x64 Native Tools Command Prompt for VS 2019
* cl /Zi /std:c++latest minipoc.cpp
- Copy executable and apply Low Integrity directly to the file
* copy minipoc.exe minipoclow.exe
* icacls minipoclow.exe /setintegritylevel Low
(/Zi for pdb generation)
@masthoon
masthoon / appjaillauncher_exploit.cpp
Last active November 29, 2023 14:07
AppJailLauncher console escape
#define UNICODE
#define _UNICODE
#include <iostream>
#include <string>
#include <Windows.h>
#include <Psapi.h>
#include <fstream>
#pragma comment(lib, "ntdll.lib")
#pragma comment(lib, "Psapi")
@tandasat
tandasat / dump_vmcs.js
Last active November 28, 2023 19:09
Deprecated: see https://github.com/tandasat/hvext
"use strict";
// This script implements the !dump_vmcs command that displays values of the all
// fields in the current VMCS. The processor must be in VMX-root operation with
// an active VMCS.
//
// As a reference, there are some other implementations of the same concept. The
// author is now aware of those two at least. Check them out as it may fit your
// need better.
// - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (Windbg JavaScript)