This is an exploit for HoleyBeep.
To use it, place any command you want root to execute in /tmp/x.
$ cat /tmp/x
echo PWNED $(whoami)
Jackson T. jthuraisamy
TheWover
/ EtwpTest.cs
Created
May 6, 2020 22:03
Demonstrates using ntdll.dll!EtwpCreateThreadEtw for local shellcode execution.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Diagnostics; | |
| using System.Runtime.InteropServices; | |
| namespace EtwpTest | |
| { | |
| class Program | |
| { | |
| static void Main(string[] args) | |
| { |
vector-sec
/ Get-Token.ps1
Created
August 10, 2017 17:51
PowerShell script to enumerate all Process and Thread tokens.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-Token | |
| { | |
| foreach($proc in (Get-Process)) | |
| { | |
| if($proc.Id -ne 0 -and $proc.Id -ne 4) | |
| { | |
| try | |
| { | |
| $hProcess = OpenProcess -ProcessId $proc.Id -DesiredAccess PROCESS_QUERY_LIMITED_INFORMATION | |
| } |
gbaman
/ HowToOTGFast.md
Last active
April 16, 2024 06:29
Simple guide for setting up OTG modes on the Raspberry Pi Zero, the fast way!
More details - http://blog.gbaman.info/?p=791
For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. If using a recent release of Jessie (Dec 2016 onwards), then create a new file simply called ssh in the SD card as well. By default SSH i
maxvt
/ infra-secret-management-overview.md
Last active
February 28, 2024 20:53
Infrastructure Secret Management Software Overview
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
Download main.c and empty.vcxproj to your PC. Download Crinkler 2.0 from http://crinkler.net/crinkler20.zip and extract it to tools/ in your project folder and rename it to link.exe.
You should then be able to open the project in MSVC 2015 and compile and run it!
Many small cheats are used here to make the code as small as possible. Straight of the bat we never specify more than dwFlags in PIXELFORMATDESCRIPTOR. This struct actually required us to fill in a size field, but that costs four bytes and doesn't appear to do anything horrendous when left out...
In the Fragment Shader we do nothing in the main function. On my machine this implies that the gl_FragColor is black, but YMMV.
Stripping the entrypoint of it prologue and epilogue means that we save on bytes, but we must put some sort of prologue in. The asm on line seven is just the magic we need.