wonderkun
wonderkun
/ windows_and_office_kms_setup.adoc
Created
September 1, 2023 03:26
— forked from jerodg/windows_and_office_kms_setup.adoc
Activate Windows and Office Using KMS Server
wonderkun
/ winfork.c
Created
December 23, 2022 06:15
— forked from juntalis/winfork.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * fork.c | |
| * Experimental fork() on Windows. Requires NT 6 subsystem or | |
| * newer. | |
| * | |
| * Copyright (c) 2012 William Pitcock <nenolod@dereferenced.org> | |
| * | |
| * Permission to use, copy, modify, and/or distribute this software for any | |
| * purpose with or without fee is hereby granted, provided that the above | |
| * copyright notice and this permission notice appear in all copies. |
wonderkun
/ refl.cpp
Created
December 23, 2022 03:30
— forked from GeneralTesler/refl.cpp
PoC using RtlCreateProcessReflection + MiniDumpWriteDump to dump lsass.exe process memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <DbgHelp.h> | |
| #include <processsnapshot.h> | |
| #include <TlHelp32.h> | |
| #include <processthreadsapi.h> | |
| //process reflection stuff copied from: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp | |
| //minidump/process searching copied from: https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass | |
| //compile using: cl.exe refl.cpp /DUNICODE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from socket import inet_aton | |
| from struct import unpack | |
| from flask import Flask | |
| import requests | |
| import re | |
| app = Flask(__name__) |
wonderkun
/ MSAcpi_ThermalZoneTemperature.ps1
Created
January 26, 2022 02:58
— forked from teixeira0xfffff/MSAcpi_ThermalZoneTemperature.ps1
Anti-VM Techniques with MSAcpi_ThermalZoneTemperature
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-AntiVMwithTemperature { | |
| $t = Get-WmiObject MSAcpi_ThermalZoneTemperature -Namespace "root/wmi" | |
| $valorTempKelvin = $t.CurrentTemperature / 10 | |
| $valorTempCelsius = $valorTempKelvin - 273.15 | |
| $valorTempFahrenheit = (9/5) * $valorTempCelsius + 32 | |
| return $valorTempCelsius.ToString() + " C : " + $valorTempFahrenheit.ToString() + " F : " + $valorTempKelvin + "K" | |
| } |
wonderkun
/ RootHelper.x.c
Created
July 22, 2021 02:44
— forked from NullArray/RootHelper.x.c
RootHelper Obfuscated, Encrypted, Converted to C source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //#____ ____ __ | |
| //#\ \ / /____ _____/ |_ ___________ | |
| //# \ Y // __ \_/ ___\ __\/ _ \_ __ \ | |
| //# \ /\ ___/\ \___| | ( <_> ) | \/ | |
| //# \___/ \___ >\___ >__| \____/|__| | |
| //# \/ \/ | |
| //#--Licensed under GNU GPL 3 | |
| //#----Authored by Vector/NullArray | |
| //############################################### |
wonderkun
/ gist:cbddf55520776fea00375d4404eee476
Created
November 5, 2020 14:04
— forked from idiom/gist:7bf970f704c2f5e9b2cec825ded91df6
Ida 7.4 Python 3 Error
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| `C:\Program Files\IDA Pro 7.4\python\3\idc.py:5121: SyntaxWarning: "is not" with a literal. Did you mean "!="? | |
| if newtype is not '':` | |
| --- FIX --- | |
| To resolve the above error change line 5121 to | |
| `if newtype is not None:` | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // 可以遍历 shell32.dll的参数可以获取各种不一样的图表。 好像还可以指定自己的图表,但是没有测试出来。 | |
| write-host "shutcut $($args[0]), and file name $($args[0])" | |
| $file = Get-Content "C:\Users\wonderkun\Desktop\1.txt" | |
| $WshShell = New-Object -comObject WScript.Shell | |
| $Shortcut = $WshShell.CreateShortcut("C:\Users\wonderkun\Desktop\test\$($args[0]).lnk") | |
| $Shortcut.TargetPath = "%SystemRoot%\system32\cmd.exe" | |
| $Shortcut.IconLocation = "%SystemRoot%\System32\Shell32.dll,$($args[0])" | |
| $Shortcut.Arguments = ' '+ $file | |
| $Shortcut.Save() |
wonderkun
/ redis-lua-linux-x86-poc.py
Created
October 13, 2019 09:13
— forked from c3c/redis-lua-linux-x86-poc.py
Redis Lua 5.1 sandbox escape 32-bit Linux exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Redis Lua 5.1 sandbox escape 32-bit Linux exploit | |
| ## Original exploit by corsix and sghctoma | |
| ## Author: @c3c | |
| ## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode | |
| ## This concept is fully explained on corsix' gist at https://gist.github.com/corsix/6575486 | |
| ## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different | |
| ## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system" http://paper.seebug.org/papers/Security%20Conf/Defcon/2015/DEFCON-23-Tamas-Szakaly-Shall-We-Play-A-Game.pdf | |
| ## This code is much the same, except the process is done using pwntools' DynELF | |
| ## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version |
wonderkun
/ redis-lua-linux-x86-poc.py
Created
October 13, 2019 09:13
— forked from orangetw/redis-lua-linux-x86-poc.py
Redis Lua 5.1 sandbox escape 32-bit Linux exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Redis Lua 5.1 sandbox escape 32-bit Linux exploit | |
| ## Original exploit by corsix and sghctoma | |
| ## Author: @c3c | |
| ## It's possible to abuse the Lua 5.1 sandbox to obtain RCE by loading modified bytecode | |
| ## This concept is fully explained on corsix' gist at https://gist.github.com/corsix/6575486 | |
| ## This version uses pieces of the 32-bit Windows exploit made by corsix and the 64-bit Linux exploit made by sghctoma; as expected, a few offsets were different | |
| ## sghctoma's exploit uses the arbitrary memory read to leak pointers to libc and find the address of "system" http://paper.seebug.org/papers/Security%20Conf/Defcon/2015/DEFCON-23-Tamas-Szakaly-Shall-We-Play-A-Game.pdf | |
| ## This code is much the same, except the process is done using pwntools' DynELF | |
| ## Furthermore, attempting to leak addresses in libc appears to cause segfaults on my 32-bit Linux, in which case, you will need to obtain the remote libc version |
NewerOlder