Search for the vftable on stack:
.shell -ci "dpp poi(@$teb+0x8) poi(@$teb+0x4)" FINDSTR /I "<your type name comes here>.*vftable"
# Check that the SSH client did not supply a command
if [[ -z $SSH_ORIGINAL_COMMAND ]]; then
  # /var/log/bastion/YYYY-MM-DD_HH-MM-SS_user
  LOG_FILE="`date --date="today" "+%Y-%m-%d_%H-%M-%S"`_`whoami`"
  USER_NAME=`whoami`
  LOG_DIR="/var/log/bastion/"
  # Print a welcome message
  echo "-------------------------------------------------------"
import json
import sys
def getKeys(val, old="$"):
    if isinstance(val, dict):
        for k in val.keys():
            getKeys(val[k], old + "." + str(k))
    elif isinstance(val, list):
        for i, k in enumerate(val):
CAP_AUDIT_CONTROL
CAP_AUDIT_WRITE
CAP_BLOCK_SUSPEND
CAP_BPF
CAP_CHECKPOINT_RESTORE
CAP_CHOWN
CAP_DAC_OVERRIDE
CAP_DAC_READ_SEARCH
CAP_FOWNER
CAP_FSETID
/*
 * @author Tim Newsham
 * use ptrace to bypass seccomp rule against open_handle_at
 * and use open_handle_at to get a handle on the REAL root dir
 * and then chroot to it. This escapes privileged lxc container.
 * gcc -g -Wall secopenchroot.c -o secopenchroot
 * ./secopenchroot /tmp "02 00 00 00 00 00 00 00"
 *
 * assuming that the real root has file handle "02 00 00 00 00 00 00 00"
 */
Don't worry, that value is only wrong half of the time
The unit test doesn't cover that eventuality
There was too little data to bother with the extra functionality at the time
I thought you signed off on that?
The program has never collected that information
That's interesting, how did you manage to make it do that?
Your browser must be caching the old content
Our internet connection must not be working
I couldn't find any examples of how that can be done anywhere online
I thought I fixed that
// Copyright 2006 Rutger E.W. van Beusekom.
// Distributed under the Boost Software License, Version 1.0. (See
// accompanying file LICENSE_1_0.txt or copy at
// http://www.boost.org/LICENSE_1_0.txt)
#ifndef __YAFFUT_H__
#define __YAFFUT_H__
#ifdef __GNUC__
#include <cxxabi.h>
#pragma once
#pragma warning(disable : 4503)
#include <cassert>
#include <functional>
#include <algorithm>
#include <tbb/tbb.h>
param(
    [switch]$install
)
function Try-ImportModule($module, [ScriptBlock]$onError) {
    try {
        Import-Module $module -ErrorAction Stop
    } catch {
        & $onError
        Import-Module $module