Solomon Sklash SolomonSklash
SolomonSklash
/ ReflectedDll.c
Created
December 26, 2021 05:32
— forked from Cracked5pider/ReflectedDll.c
Get output from injected reflected dll
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //===============================================================================================// | |
| // This is a stub for the actuall functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |
SolomonSklash
/ log4j_rce_check.py
Created
December 10, 2021 20:09
— forked from byt3bl33d3r/log4j_rce_check.py
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env python3 | |
| ''' | |
| Needs Requests (pip3 install requests) | |
| Author: Marcello Salvati, Twitter: @byt3bl33d3r | |
| License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License) | |
| This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021. |
SolomonSklash
/ hash_djb2.py
Created
November 29, 2021 19:42
— forked from mengzhuo/hash_djb2.py
DJB2 Hash in Python
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # encoding: utf-8 | |
| def hash_djb2(s): | |
| hash = 5381 | |
| for x in s: | |
| hash = (( hash << 5) + hash) + ord(x) | |
| return hash & 0xFFFFFFFF | |
SolomonSklash
/ rpc_dump_rs5.txt
Created
November 10, 2021 23:42
— forked from enigma0x3/rpc_dump_rs5.txt
RPC interfaces RS5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------------------------------------------------------- | |
| <WinProcess "smss.exe" pid 368 at 0x5306908L> | |
| 64 | |
| [!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000 | |
| -------------------------------------------------------------------------------- | |
| <WinProcess "csrss.exe" pid 472 at 0x5306e48L> | |
| 64 | |
| Interfaces : | |
| Endpoints : |
SolomonSklash
/ SysCall.cpp
Created
October 29, 2021 02:27
— forked from benpturner/SysCall.cpp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <iostream> | |
| #include <windows.h> | |
| #include <psapi.h> | |
| typedef struct _PS_ATTRIBUTE { | |
| ULONG Attribute; | |
| SIZE_T Size; | |
| union { |
SolomonSklash
/ memBruteforce.cpp
Created
October 8, 2021 03:49
— forked from aaaddress1/memBruteforce.cpp
Windows 32-bit Shellcode Design without TEB & fs:30h
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // memBruteforce.cpp by [email protected] | |
| // brute search loaded moudules in memory | |
| // rewrite from https://www.exploit-db.com/exploits/45293 | |
| #include <Windows.h> | |
| #include <iostream> | |
| #pragma warning(disable:4996) | |
| bool isMemExist(size_t addr) { | |
| int retv; | |
| __asm { |
SolomonSklash
/ mainc.c
Created
October 2, 2021 04:09
— forked from jackullrich/mainc.c
Single Step Encryption/Decryption
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| LONG SingleStepEncryptDecrypt(EXCEPTION_POINTERS* ExceptionInfo); | |
| typedef VOID(__stdcall* Shellcode)(); | |
| LPBYTE ShellcodeBuffer; | |
| ULONG_PTR PreviousOffset; | |
| ULONG_PTR CurrentOffset; | |
| ULONGLONG InstructionCount; | |
| DWORD dwOld; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Disable Windows Defender | |
| # From https://github.com/jeremybeaume/tools/blob/master/disable-defender.ps1 | |
| <# | |
| Options : | |
| -Delete : delete the defender related files (services, drivers, executables, ....) | |
| Source : https://bidouillesecurity.com/disable-windows-defender-in-powershell |
SolomonSklash
/ apisetlookup.c
Created
September 1, 2021 17:35
— forked from lucasg/apisetlookup.c
Api set library lookup resolver
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stdint.h> | |
| #include <stdbool.h> | |
| #include <stdio.h> | |
| #include <sal.h> | |
| #include <assert.h> | |
| #ifdef _X86_ | |
| #error "This snippet only build in 64-bit due to heavy use of uintptr arithmetics." | |
| #endif |
SolomonSklash
/ TestAssembly.cs
Created
August 16, 2021 22:36
— forked from Arno0x/TestAssembly.cs
This code shows how to load a CLR in an unmanaged process, then load an assembly from memory (not from a file) and execute a method
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ================================ Compile as a .Net DLL ============================== | |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /target:library /out:TestAssembly.dll TestAssembly.cs | |
| */ | |
| using System.Windows.Forms; | |
| namespace TestNamespace |