Skip to content

Instantly share code, notes, and snippets.


moly morimolymoly

Block or report user

Report or block morimolymoly

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile


sudo apt install build-essential \
 bcc bin86 gawk bridge-utils iproute2 libcurl4 \
 libcurl4-openssl-dev bzip2 module-init-tools transfig tgif \
 texinfo texlive-latex-base texlive-latex-recommended \
 texlive-fonts-extra texlive-fonts-recommended pciutils-dev mercurial \
 make gcc libc6-dev zlib1g-dev python python-dev python-twisted \
 libncurses5-dev patch libvncserver-dev libsdl-dev libjpeg-dev \
 iasl libbz2-dev e2fslibs-dev git-core uuid-dev ocaml ocaml-findlib libx11-dev bison flex xz-utils libyajl-dev \

Scam Details

steal account credentials

Scammer( send messages to victims for inviting to exchange in-game items. He let you to connect to legit trading website. (e.g. csmoney, bitskins) And also, he introduce fake website( to check item's price.

fakewebsite do picture-in-picture attack. It steals victim's account ID and password and also 2FA code.

Login window is totally fake(with picture-in-picture attack, it seems totally legit)



root@yayoi:/home/moly# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               ubuntu-vg
  PV Size               <9.00 GiB / not usable 0
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              2303
View bis
View hen.go
package main
import (
type helloObject struct {
Otakebi string
Name string
View gist:a99ca960634de1ce461d49f1021e8d7d
fd 3, addr: 0x55a7fdabb5c8
GET / HTTP/1.1
User-Agent: curl/7.58.0
Accept: */*
View gist:ba33c829e0bd06133f7bf62f8040a415
fd 3, addr: 0x560d941b9080
GET / HTTP/1.1
User-Agent: curl/7.58.0
Accept: */*
fd 3, addr: 0x560d941c3ee0
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
View aaaa
moly@yayoi:~/cli$ strace curl --noproxy -i -X POST -H 'Content-Type:application/json' -d "{\"ip\": 16754880, \"buf\": \"aaaaaaa\"}"
execve("/usr/bin/curl", ["curl", "--noproxy", "", "-i", "-X", "POST", "-H", "Content-Type:application/json", "-d", "{\"ip\": 16754880, \"buf\": \"aaaa"..., ""], 0x7ffcfb4cde00 /* 71 vars */) = 0
brk(NULL) = 0x55b5a2983000
access("/etc/", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=104507, ...}) = 0
mmap(NULL, 104507, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8bf0c26000
close(3) = 0
access("/etc/", F_OK) = -1 ENOENT (No such file or directory)
morimolymoly / DmaHvBackdoor.c
Created Jan 3, 2019 — forked from Cr4sh/DmaHvBackdoor.c
Hyper-V backdoor for UEFI
View DmaHvBackdoor.c
Part of UEFI DXE driver code that injects Hyper-V VM exit handler
backdoor into the Device Guard enabled Windows 10 Enterprise.
Execution starts from new_ExitBootServices() -- a hook handler
for EFI_BOOT_SERVICES.ExitBootServices() which being called by
winload!OslFwpKernelSetupPhase1(). After DXE phase exit winload.efi
transfers exeution to previously loaded Hyper-V kernel (hvix64.sys)
View tv
physical address = 30b0360
Handle NMI by 9
Handle NMI by 8
Handle NMI by 2
Handle NMI by 6
Handle NMI by 5
Handle NMI by 3
Handle NMI by 4
Handle NMI by 0
Handle NMI by 7
You can’t perform that action at this time.