chrismcfee
/ h0ul.txt
Created
October 20, 2014 03:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| H0ul | |
| By Bad BIOS | |
| For Hackers everywhere | |
| I. | |
| I saw the best minds of my generation destroyed by left-clicks, pornhub starved naked, | |
| dragging themselves through the Tenderloin streets at dawn looking for Silk Road v2, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Hook main() using LD_PRELOAD, because why not? | |
| * Obviously, this code is not portable. Use at your own risk. | |
| * | |
| * Compile using 'gcc hax.c -o hax.so -fPIC -shared -ldl' | |
| * Then run your program as 'LD_PRELOAD=$PWD/hax.so ./a.out' | |
| */ | |
| #define _GNU_SOURCE | |
| #include <stdio.h> |
bkth
/ objc-rpc.m
Created
March 20, 2018 15:11
remote procedure call example in obj-c for macOS services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <Foundation/Foundation.h> | |
| #import <Cocoa/Cocoa.h> | |
| @protocol NetStorageXPCObjectHandler | |
| - (void)lock; | |
| - (void)unlock; | |
| - (void)deleteAllResponses; | |
| - (void)dealloc; | |
| @end |
Cryptogenic
/ js_shellcode.py
Created
May 27, 2018 21:52
A script to convert payloads into JS shellcode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import sys | |
| import struct | |
| import argparse | |
| def swap32(i): | |
| return struct.unpack("<I", struct.pack(">I", i))[0] | |
| filename = None |
zznop
/ mem-loader.asm
Last active
March 6, 2023 00:17
Fun little loader shellcode that executes an ELF in-memory using an anonymous file descriptor (inspired by https://x-c3ll.github.io/posts/fileless-memfd_create/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ;;; | |
| ;;; Copyright (C), zznop, brandonkmiller@protonmail.com | |
| ;;; | |
| ;;; This software may be modified and distributed under the terms | |
| ;;; of the MIT license. See the LICENSE file for details. | |
| ;;; | |
| ;;; DESCRIPTION | |
| ;;; | |
| ;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
saelo
/ 3_years_of_attacking_javascript_engines.txt
Created
October 27, 2019 16:04
3 Years of Attacking JavaScript Engines
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| |=-----------------------------------------------------------------------=| | |
| |=-------------=[ 3 Years of Attacking JavaScript Engines ]=-------------=| | |
| |=-----------------------------------------------------------------------=| | |
| |=------------------------------=[ saelo ]=------------------------------=| | |
| |=-----------------------------------------------------------------------=| | |
| The following are some brief notes about the changes that have taken place | |
| since the release of the "Attacking JavaScript Engines" paper [1]. In | |
| general, no big conceptional changes have happened since. Mitigations have | |
| been added to break some of the presented techniques and, as expected, a |
psifertex
/ 1_Snippet_Instructions.txt
Last active
May 23, 2024 18:33
my current collection of snippets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Welcome to Jordan's grab-bag of common Binary Ninja Snippets. | |
| These snippest are meant to run with the Binary Ninja Snippets Plugin | |
| (http://github.com/Vector35/snippets) though they can all also be pasted | |
| directly into the python console or turned into stand-alone plugins if needed. | |
| To install the entire collection at once, just install the Snippets plugin via | |
| the plugin manager (CMD/CTL-SHIFT-M), confirm the Snippet Editor works | |
| (Tool/Snippets/Snippet Editor), and unzip this bundle (Download ZIP above) into | |
| your Snippets folder. |
Cryptogenic
/ ip6_expl_poc.c
Last active
June 25, 2021 08:24
Kernel exploit POC (Proof-of-Concept) for IP6_EXTHDR_CHECK double free (CVE-2020-9892). Interleaves with multi-threads for code exec. Mainly a reference for PS4 implementation.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * IP6_EXTHDR_CHECK Double Free (CVE-2020-9892) Exploit PoC for FreeBSD 9.0 | |
| * https://github.com/google/security-research/security/advisories/GHSA-gxcr-cw4q-9q78 | |
| * - | |
| * Bug credit: Andy Nguyen (@theflow0) | |
| * Exploit credit: @SpecterDev, @tihmstar | |
| * Thanks: @sleirsgoevy, @littlelailo, flatz (@flat_z), @balika011 | |
| * - | |
| * Build: gcc -o expl ip6_expl_poc.c -pthread | |
| * - |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdbool.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <dlfcn.h> | |
| static bool finished = false; |
OlderNewer