Skip to content

Instantly share code, notes, and snippets.

@hasherezade
hasherezade / fakedns.py
Created Sep 15, 2021
FakeDNS (Python3)
View fakedns.py
#!/usr/bin/python3
__author__ = 'Francisco Santos'
# URL: https://code.activestate.com/recipes/491264-mini-fake-dns-server/
import socket
class DNSQuery:
def __init__(self, data):
self.data=data
@hasherezade
hasherezade / aes_crypt.cpp
Last active Sep 14, 2021
AES 128 - encrypt/decrypt using Windows Crypto API
View aes_crypt.cpp
#include <Windows.h>
#include <wincrypt.h>
#include <stdio.h>
#pragma comment(lib, "advapi32.lib")
#define AES_KEY_SIZE 16
#define CHUNK_SIZE (AES_KEY_SIZE*3) // an output buffer must be a multiple of the key size
//params: <input file> <output file> <is decrypt mode> <key>
int wmain( int argc, wchar_t *argv[])
@hasherezade
hasherezade / GzipSimpleHttpServer.py
Last active Aug 17, 2021 — forked from bkeating/GzipSimpleHttpServer.py
Python's SimpleHttpServer, but w/Gzip support. 🤙
View GzipSimpleHttpServer.py
#!/usr/bin/python3
"""Simple HTTP Server.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
"""
__version__ = "0.7"
@hasherezade
hasherezade / winupdate64.dll.tag
Created Jul 27, 2021
Tag file from tracing a VMProtect-protected NuggetPhantom component
View winupdate64.dll.tag
71941;kernel32.LoadLibraryA
Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll"
cdb3d;kernel32.GetModuleFileNameW
cdb3d;kernel32.CreateFileW
Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll"
Arg[1] = 0x0000000080000000 = 2147483648
Arg[2] = 0x0000000000000003 = 3
Arg[3] = 0
Arg[4] = 0x0000000000000003 = 3
@hasherezade
hasherezade / main.cpp
Created Jul 17, 2021
A native way to enumerate processes (alternative to: EnumProcesses, CreateToolhelp32Snapshot - Process32First - Process32Next)
View main.cpp
#include <windows.h>
#include <iostream>
#include "ntddk.h"
bool enum_processes()
{
ULONG retLen = 0;
// check length:
@hasherezade
hasherezade / install.reg
Last active Jul 28, 2021
AppInit_DLLs : install/uninstall DLL
View install.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="C:\\dlls\\demo64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="C:\\dlls\\demo32.dll"
@hasherezade
hasherezade / Program.cs
Last active Jul 27, 2021
A simple app to decode #PurpleFoxEK stegano payloads
View Program.cs
using System;
using System.Drawing;
using System.IO;
namespace PurpleFoxPNGDec
{
internal class Program
{
public static int getPrintableLen(byte[] array)
{
View AppProxy.cpp
#include <stdio.h>
#include <Windows.h>
#include <psapi.h>
#include <string>
HANDLE create_new_process(IN const char* path, IN const char* cmd)
{
STARTUPINFOA si;
memset(&si, 0, sizeof(STARTUPINFO));
View uac_bypass.c
void TestCopy()
{
BOOL cond = FALSE;
IFileOperation *FileOperation1 = NULL;
IShellItem *isrc = NULL, *idst = NULL;
BIND_OPTS3 bop;
SHELLEXECUTEINFOW shexec;
HRESULT r;
do {