Julian Horoszkiewicz ewilded
🌴
ewilded
/ duplicate_token.cpp
Last active
February 25, 2025 19:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Simple POC demonstrating one of the ways to create a process with a different security token of the same user and integrity (but with different privileges and/or group memberships, usually), | |
| // from a different process instead of inheriting it from this one. Related to https://hackingiscool.pl/breaking-out-from-stripped-tokens-using-process-injection/. | |
| // To compile: | |
| // "c:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat" | |
| // cl.exe duplicate_token.cpp /EHsc /link Advapi32.lib | |
| #include <windows.h> | |
| #include <iostream> | |
| int main() |
ewilded
/ HEVD_stackGS
Created
October 4, 2021 16:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <conio.h> | |
| #define HACKSYS_HEVD_IOCTL_STACK_OVERFLOW_GS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS) | |
| #define KTHREAD_OFFSET 0x124 // nt!_KPCR.PcrbData.CurrentThread | |
| #define EPROCESS_OFFSET 0x050 // nt!_KTHREAD.ApcState.Process | |
| #define PID_OFFSET 0x0B4 // nt!_EPROCESS.UniqueProcessId | |
| #define FLINK_OFFSET 0x0B8 // nt!_EPROCESS.ActiveProcessLinks.Flink |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include <conio.h> | |
| #define HACKSYS_HEVD_IOCTL_STACK_OVERFLOW CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_NEITHER, FILE_ANY_ACCESS) | |
| #define HACKSYS_HEVD_IOCTL_STACK_OVERFLOW_GS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_NEITHER, FILE_ANY_ACCESS) | |
| #define KTHREAD_OFFSET 0x124 // nt!_KPCR.PcrbData.CurrentThread | |
| #define EPROCESS_OFFSET 0x050 // nt!_KTHREAD.ApcState.Process | |
| #define PID_OFFSET 0x0B4 // nt!_EPROCESS.UniqueProcessId | |
| #define FLINK_OFFSET 0x0B8 // nt!_EPROCESS.ActiveProcessLinks.Flink | |
| #define TOKEN_OFFSET 0x0F8 // nt!_EPROCESS.Token |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sqlite3 | |
| import argparse | |
| import os | |
| import subprocess | |
| import re | |
| # This script iterates over all executable files within given directory (e.g. C:\Windows, C:\Program Files) | |
| # and runs `rabin2 -i EXEPATH` in order to obtain its import table, then saves the import table into the database (SQLite). | |
| # We will use this database later for further analysis purposes. |
ewilded
/ BuildUnencodedRequest.java
Created
March 24, 2018 04:54
— forked from pajswigger/BuildUnencodedRequest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package burp; | |
| import java.util.Random; | |
| public class BuildUnencodedRequest | |
| { | |
| private Random random = new Random(); | |
| private IExtensionHelpers helpers; | |
| BuildUnencodedRequest(IExtensionHelpers helpers) |
ewilded
/ spectre.c
Created
January 5, 2018 08:27
— forked from rootkea/spectre.c
PoC from Spectre Attacks: Exploiting Speculative Execution (https://spectreattack.com/spectre.pdf)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ | |
| #endif |