This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
-------- dllinjshim.cpp -------- | |
> cl /Fe:dllinjshim.exe dllinjshim.cpp | |
> dllinjshim.exe | |
> sdbinst moo.sdb | |
/!\ On Windows 10 there is a new function `SdbIsKnownShimDll` called | |
in `SdbGetDllPath` which will check the DLL name against the following list: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdint.h> | |
#include <stdbool.h> | |
#include <stdio.h> | |
#include <sal.h> | |
#include <assert.h> | |
#ifdef _X86_ | |
#error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics." | |
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include "stdafx.h" | |
#include <windows.h> | |
#include <Winbase.h> | |
#include <Wtsapi32.h> | |
#include <Userenv.h> | |
#include <malloc.h> | |
#pragma comment(lib, "Wtsapi32.lib") | |
#pragma comment(lib, "Userenv.lib") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import re | |
import sys | |
import logging | |
import argparse | |
import subprocess | |
import requests | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
// | |
// Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
// | |
// Copyright (c) 2018 Samuel Groß | |
// | |
// |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os, binascii | |
from flask import Flask, Response, abort | |
def random_etag(): | |
return "1000-" + binascii.b2a_hex(os.urandom(6)) | |
app = Flask(__name__) | |
PORT = 80 | |
DLL_ETAG = random_etag() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// WCTF 2018 "searchme" task exploit | |
// | |
// Author: Mateusz "j00ru" Jurczyk | |
// Date: 6 July 2018 | |
// Tested on: Windows 10 1803 (10.0.17134.165) | |
// | |
// See also: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/ | |
#include <Windows.h> | |
#include <winternl.h> | |
#include <ntstatus.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <lua.h> | |
#include <lualib.h> | |
#include <lauxlib.h> | |
#include <stdarg.h> | |
#include <string.h> | |
#define ERRLOG 1 | |
#define MSGTABLE 2 | |
#define RETOP 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------------------------- | |
<WinProcess "smss.exe" pid 520 at 0x5db0c50L> | |
64 | |
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000 | |
-------------------------------------------------------------------------------- | |
<WinProcess "csrss.exe" pid 776 at 0x5db0908L> | |
64 | |
Interfaces : | |
Endpoints : |
OlderNewer