@masthoon
masthoon / test_reloc_pefile.py
Last active August 11, 2017 17:26
pefile optimization (get_memory_mapped_image)
import pefile
"""
$ python test_reloc_pefile.py
Test with ntdll.dll - with bytearray and custom setter
Parse PE : 0.054 seconds
574 relocs to handle !
Relocate it : 0.048 seconds
Test with ntdll.dll - with classic buffer
Parse PE : 0.053 seconds
@masthoon
masthoon / mssymbol.py
Last active August 10, 2020 07:08
MS Symbol helper (wrapper around dbghelp)
from ctypes import *
from ctypes import wintypes
from collections import namedtuple
import os
import tempfile
# CONFIG SYMBOLS
SYMBOLS_PATH = os.environ.get('_NT_SYMBOL_PATH')
if not SYMBOLS_PATH:
    CACHE_PDB_PATH = os.path.join(tempfile.gettempdir(), "symbols")
@masthoon
masthoon / SystemCMD.cpp
Last active October 3, 2024 18:16
Launch SYSTEM CMD in user current session (from a service)
#include "stdafx.h"
#include <windows.h>
#include <Winbase.h>
#include <Wtsapi32.h>
#include <Userenv.h>
#include <malloc.h>
#pragma comment(lib, "Wtsapi32.lib")
#pragma comment(lib, "Userenv.lib")
@masthoon
masthoon / launch_wsl.py
Created February 10, 2018 16:14
Launch a WSL process from Python (Windows)
import sys
import windows
import windows.winproxy
import windows.generated_def as gdef
# List distro: wslconfig /l
class WSLAPIProxy(windows.winproxy.ApiProxy):
    APIDLL = "wslapi"
    default_error_check = staticmethod(windows.winproxy.no_error_check)
@masthoon
masthoon / amsi.py
Last active April 9, 2023 12:33
AMSI Interface in Python
import sys
import windows
import windows.winproxy
import windows.generated_def as gdef
class AMSIProxy(windows.winproxy.ApiProxy):
    APIDLL = "Amsi"
    default_error_check = staticmethod(windows.winproxy.no_error_check)
"""
@masthoon
masthoon / fakewebdav.py
Created May 12, 2018 04:49
Basic WebDAV server
import os, binascii
from flask import Flask, Response, abort
def random_etag():
    return "1000-" + binascii.b2a_hex(os.urandom(6))
app = Flask(__name__)
PORT = 80
DLL_ETAG = random_etag()
@masthoon
masthoon / wu.md
Last active June 27, 2019 01:38
Write up for Defcon Quals 2018

stumbler

This challenge is a reverse / exploit composed of 5 binaries (64-bit ELF).

We were unable to launch it locally (wrong libboost version), so we solved the challenge directly on the remote side.

When you connect to the challenge, it sends you a 32-byte hex-encoded random string.

By looking at the Stumbler binary, we found and reversed the generation and verification of the proof of work.

@masthoon
masthoon / rpc_dump_rs4.txt
Last active May 26, 2024 05:39
RPC interfaces RS4
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 520 at 0x5db0c50L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ff868230000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 776 at 0x5db0908L>
64
Interfaces :
Endpoints :
@masthoon
masthoon / rpc_dump_rs5.txt
Created January 15, 2019 06:49
RPC interfaces RS5
--------------------------------------------------------------------------------
<WinProcess "smss.exe" pid 368 at 0x5306908L>
64
[!!] Invalid rpcrt4 base: 0x0 vs 0x7ffec24f0000
--------------------------------------------------------------------------------
<WinProcess "csrss.exe" pid 472 at 0x5306e48L>
64
Interfaces :
Endpoints :
@masthoon
masthoon / cygeop.cpp
Created January 21, 2019 07:54
Cygwin SSHD EoP
// CygEOP.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <Windows.h>
#include <psapi.h>
#pragma comment(lib, "ntdll.lib")
#define STATUS_SUCCESS 0