This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Linux x86(-64) - execve("/bin/sh", ["/bin/sh", 0], 0) shellcode (38 bytes) | |
| * 31c050488b1424eb105478065e5fb03b0f05595b40b00bcd80e8ebffffff2f62696e2f736800 | |
| * | |
| * - offset - bytes 32-bit code 64-bit code | |
| * 0x00000000 31c0 xor eax, eax xor eax, eax | |
| * 0x00000002 50 push eax push rax | |
| * 0x00000003 48 dec eax rex.w | |
| * 0x00000004 8b1424 mov edx, dword [esp] mov rdx, qword [rsp] | |
| * 0x00000007 eb10 jmp 0x19 jmp 0x19 |
hasherezade
/ aes_crypt.cpp
Last active
March 31, 2025 07:26
AES 128 - encrypt/decrypt using Windows Crypto API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <wincrypt.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "advapi32.lib") | |
| #define AES_KEY_SIZE 16 | |
| #define IN_CHUNK_SIZE (AES_KEY_SIZE * 10) // a buffer must be a multiple of the key size | |
| #define OUT_CHUNK_SIZE (IN_CHUNK_SIZE * 2) // an output buffer (for encryption) must be twice as big | |
| //params: <input file> <output file> <is decrypt mode> <key> |
hasherezade
/ syscall_extractor.cpp
Last active
August 30, 2023 21:47
Extracts syscalls list from NTDLL.DLL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| // based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/ | |
| // author: @evilsocket | |
| // modified by: @hasherezade | |
| #define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) ) | |
| PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva ) | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| bBackup folder copy | |
| Version 4 | |
| By Ben a.k.a DreamVB | |
| */ | |
| #include <iostream> | |
| #include <Windows.h> | |
| #include <string> | |
| #include <algorithm> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This file is designed to be included in D3D9-dependent code instead of d3d9.h, while adding minimal amount of junk | |
| #pragma once | |
| #include <BaseTyps.h> | |
| #include <BaseTsd.h> | |
| // stdlib.h | |
| #ifndef _INC_STDLIB | |
| #define _INC_STDLIB | |
| #endif |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from unicorn import * | |
| from unicorn.x86_const import * | |
| from capstone import * | |
| import base64 | |
| import time | |
| from collections import deque | |
| encrypt_data_code = b"\x55\x8B\xEC\x83\xEC\x18\x8B\x50\x20\x53\x8B\x58\x28\x56\x8B\x70\x24\x57\x8B\xF9\x33\x5F\x08\x33\x17\x33\x77\x04\x33\x98\x38\x02\x00\x00\x33\x90\x30\x02\x00\x00\x33\xB0\x34\x02\x00\x00\x8B\x48\x2C\x33\x4F\x0C\x33\x88\x3C\x02\x00\x00\x8B\xF9\x0B\xCA\x33\xFE\x89\x4D\xFC\x8B\xCB\x33\xCE\x89\x7D\xF8\x89\x4D\xEC\x33\x4D\xFC\x8B\xFE\x33\xFA\x89\x4D\xF4\x8B\xCF\x23\x7D\xF8\x23\xCB\x8B\x5D\xF8\xF7\xD3\x0B\xCB\x8B\x5D\xEC\x0B\xDA\x33\xCB\x33\xF9\x33\x7D\xF4\x33\xFA\x8B\xDF\x0B\xD9\x23\x5D\xFC\x33\xDE\xC1\xC1\x0D\xC1\xC3\x03\x8B\xF3\x33\xF7\x33\xF1\x89\x4D\xF8\xD1\xC6\x8B\xD1\xC1\xE2\x03\x33\xD3\x33\x55\xF4\x8B\xCE\xC1\xE1\x07\x33\xCB\xC1\xC2\x07\x8B\xDE\x33\x5D\xF8\x33\x70\x34\x33\xCA\x33\xDA\x33\x50\x3C\xC1\xC1\x16\x33\x48\x38\xC1\xC3\x05\x33\x58\x30\x8B\xFB\x33\xFA\x89\x7D\xF0\x8B\xFE\x33\xFA\x89\x7D\xF4\x8B\xF9\xF7\xD7\x89\x7D\xFC\x8B\xFE\x89\x5D\xF8\x23\xFB\x33 |
ruzickap
/ win7-admin.bat
Last active
October 18, 2023 02:47
win7 customization file. Run right after you first log in as administrator.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: Tested on Windows 7 | |
| @echo. | |
| @echo Test connection settings | |
| powershell -command "$client = new-object System.Net.WebClient; $client.DownloadFile('http://www.google.com', 'c:\del')" | |
| if %ERRORLEVEL% NEQ 0 ( | |
| @echo Can not download files form Internet !!! | |
| pause | |
| exit |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Zach J. Elko | |
| // 2010 | |
| // skater.cpp | |
| // | |
| // I've wanted to make one of these for a while now. I got bored and | |
| // whipped this up in about 3 hours. There are a lot of improvements | |
| // that can/should be made, but it's not bad for the short amount of | |
| // time put into it. | |
| // | |
| // Basic C/C++ code obfuscator. |
NewerOlder