y0ny0ns0n
/ cce2019quals-babywkernel-exploit.c
Last active
January 10, 2020 16:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <time.h> | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <winioctl.h> | |
| #include <TlHelp32.h> | |
| #define BABY_IOCTL_CODE1 0x221DDF | |
| #define BABY_IOCTL_CODE2 0x221DE3 | |
| #define BABY_IOCTL_CODE3 0x221DEB |
y0ny0ns0n
/ LazyFragmentationHeap_exploit.py
Created
May 5, 2020 14:55
exploit code of LazyFragmentationHeap on WCTF 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| # context.log_level = "debug" | |
| # HOST = "192.168.56.102" # VirtualBox Host-Only Adapter | |
| HOST = "192.168.0.18" # VirtualBox Bridge | |
| PORT = 6677 | |
| SIZE = 0xC8 # yes, I intend korean slang | |
| hi = None |
y0ny0ns0n
/ InCTF2020-NTBabyHeap.py
Created
August 2, 2020 15:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| context.arch = "amd64" | |
| # context.log_level = "debug" | |
| PORT = 13337 | |
| if len(sys.argv) == 1: | |
| HOST = "127.0.0.1" |
y0ny0ns0n
/ gctf2020quals-threading.py
Created
August 24, 2020 04:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| # context.log_level = "debug" | |
| """ | |
| copied from server.cc | |
| This server builds and runs programs written in the DevMaster Sandboxed Programming Language. | |
| Expected input in the following format: |
y0ny0ns0n
/ CreatemVmcallHandlersTable_WIP_20231_py3.py
Created
October 22, 2020 07:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = "Gerhart" | |
| __license__ = "GPL" | |
| __version__ = "1.2.0" | |
| # Script parsing and formating structures with hypercall handlers in hvix64.exe | |
| # Microsoft doesn't provide symbols for hvix64.exe, therefore i called it VmcallHandlersTable | |
| # Hypercalls were taken from Hyper-V TLFS, winhvr.sys, winhv.sys, ntoskrnl.exe, securekernel.exe | |
| # Windows 10 and Windows Server 2019 have different hypercalls. There are not many, but don't forget about it. | |
| # 04-01-2020 Add hvix64 OS detection by hypercalls count |
y0ny0ns0n
/ vbox-6.1.12-winbuild.patch
Last active
May 6, 2021 16:02
VirtualBox 6.1.22( VirtualBox-6.1.22.tar.bz2 ) patch for windows build
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Config.kmk b/Config.kmk | |
| index 687c1c2..9eaf172 100644 | |
| --- a/Config.kmk | |
| +++ b/Config.kmk | |
| @@ -26,6 +26,12 @@ VBOX_ROOT_CONFIG_KMK_INCLUDED = 1 | |
| # kBuild stuff | |
| # | |
| +if defined(VBOX_SIGNING_MODE) && defined(VBOX_CROSS_CERTIFICATE_FILE) | |
| + VBOX_INTEGRITY_CHECK := /IntegrityCheck |
y0ny0ns0n
/ test_tlv_server.cpp
Created
January 30, 2022 05:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #undef UNICODE | |
| #define WIN32_LEAN_AND_MEAN | |
| #include <windows.h> | |
| #include <winsock2.h> | |
| #include <ws2tcpip.h> | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <stdint.h> |
y0ny0ns0n
/ fuzzer_test_tlv_server.cc
Created
January 30, 2022 07:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // written by y0ny0ns0n | |
| #include "backend.h" | |
| #include "targets.h" | |
| #include "utils.h" | |
| #include "mutator.h" | |
| #include "crash_detection_umode.h" | |
| #include <fmt/format.h> | |
| namespace fs = std::filesystem; |
y0ny0ns0n
/ nday_poc.c
Created
October 9, 2022 23:56
Crash PoC for CVE-2022-34719( DFS EoP, patched on 2022.09 )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #define _BYTE BYTE | |
| #define _WORD WORD | |
| #pragma comment(lib, "ntdll.lib") | |