👋
Bug Maker

y11en y11en

@bcse
bcse / scrdec18-VC8.exe
Created February 15, 2012 10:13
Windows Script Decoder 1.8 (Decoding JScript.Encoded)
@w4kfu
w4kfu / dllinjshim.cpp
Last active June 17, 2024 02:12
DLL Injection via Shim
/*
-------- dllinjshim.cpp --------
> cl /Fe:dllinjshim.exe dllinjshim.cpp
> dllinjshim.exe
> sdbinst moo.sdb
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called
in `SdbGetDllPath` which will check the DLL name against the following list:
@lucasg
lucasg / apisetlookup.c
Last active June 14, 2024 20:08
Api set library lookup resolver
#include <windows.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <sal.h>
#include <assert.h>
#ifdef _X86_
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics."
#endif
@masthoon
masthoon / SystemCMD.cpp
Last active April 11, 2024 08:16
Launch SYSTEM CMD in user current session (from a service)
#include "stdafx.h"
#include <windows.h>
#include <Winbase.h>
#include <Wtsapi32.h>
#include <Userenv.h>
#include <malloc.h>
#pragma comment(lib, "Wtsapi32.lib")
#pragma comment(lib, "Userenv.lib")
@lucasg
lucasg / download_pdb_database.py
Created January 16, 2018 10:21
Download pdb and PE files from microsoft symbol store
import os
import re
import sys
import logging
import argparse
import subprocess
import requests
@saelo
saelo / pwn.js
Created May 6, 2018 16:12
Exploit for the "roll a d8" challenge of PlaidCTF 2018
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
@masthoon
masthoon / fakewebdav.py
Created May 12, 2018 04:49
Basic WebDAV server
import os, binascii
from flask import Flask, Response, abort
def random_etag():
    # b2a_hex returns bytes on Python 3; decode so the prefix concatenation works there too
    return "1000-" + binascii.b2a_hex(os.urandom(6)).decode("ascii")
app = Flask(__name__)
PORT = 80
DLL_ETAG = random_etag()
@j00ru
j00ru / WCTF_2018_searchme_exploit.cpp
Created July 18, 2018 14:09
WCTF 2018 "searchme" exploit by Mateusz "j00ru" Jurczyk
// WCTF 2018 "searchme" task exploit
//
// Author: Mateusz "j00ru" Jurczyk
// Date: 6 July 2018
// Tested on: Windows 10 1803 (10.0.17134.165)
//
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
#include <Windows.h>
#include <winternl.h>
#include <ntstatus.h>
@cloudwu
cloudwu / luavm.c
Created August 15, 2018 07:48
Lua VM wrapper
#include <lua.h>
#include <lualib.h>
#include <lauxlib.h>
#include <stdarg.h>
#include <string.h>
#define ERRLOG 1
#define MSGTABLE 2
#define RETOP 2
@masthoon
masthoon / rpc_dump_rs4.txt
Last active May 26, 2024 05:39
RPC interfaces RS4
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 520 at 0x5db0c50L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 776 at 0x5db0908L>
64
Interfaces :
Endpoints :