Skip to content

Instantly share code, notes, and snippets.

View Dviros's full-sized avatar
💭
😼 😼 😼 😼 😼 😼 😼 😼 😼 😼

Dvir S. Dviros

💭
😼 😼 😼 😼 😼 😼 😼 😼 😼 😼
129 followers · 52 following
View GitHub Profile
@Dviros
Dviros / windows_and_office_kms_setup.adoc
Created September 17, 2025 04:45 — forked from jerodg/windows_and_office_kms_setup.adoc
Activate Windows and Office Using KMS Server

Microsoft Windows and Office KMS Setup

@Dviros
Dviros / get_dll_from_symbol_server.cpp
Created February 9, 2025 21:44 — forked from eversinc33/get_dll_from_symbol_server.cpp
https://x.com/eversinc33/status/1888577040594411956
#include <windows.h>
#include <iostream>
#include <sstream>
std::string
GetSymbolServerURL(
const std::string& moduleName
)
{
/* Extract timestamp and image size from a module
@Dviros
Dviros / PDF_BFer.py
Created January 19, 2025 21:35
import multiprocessing
import subprocess
from tqdm import tqdm
from colorama import Fore, Style
import itertools
def generate_passwords(start, end, length, queue, chunk_size=1000):
"""Generate passwords and push them into a queue in chunks."""
try:
@Dviros
Dviros / TG_Milker.py
Created January 19, 2025 21:34
import requests
import time
from colorama import Fore, Style
# Replace with your bot token
BOT_TOKEN = '<bot token here>'
BASE_URL = f"https://api.telegram.org/bot{BOT_TOKEN}"
# Function to make API requests
@Dviros
Dviros / runme.sh
Last active October 21, 2024 06:32
Homeassistant and Cloudflared tunnel!
#!/bin/bash
# motivation for this script came after I found out that the official add in is not supported in Docker based installations, such as Core.
# after a long time of making it work, I created this script that will allow anyone with a Cloudflare managed domain to have this setup as well.
# please review the IP's and domains mentioned for your own setup, make the relevant adjustments if needed.
# feedback and ideas are highly appreciated
# Exit on any error
@Dviros
Dviros / zendesk.md
Created October 14, 2024 11:28 — forked from hackermondev/zendesk.md
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@Dviros
Dviros / CVE-2023-21939.md
Created August 28, 2023 05:32 — forked from win3zz/CVE-2023-21939.md
CVE-2023-21939 - Code Exec - Proof of Concept

CVE-2023-21939 - Code Exec - Proof of Concept

Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie

@Dviros
Dviros / darkmode.bat
Last active October 17, 2025 06:20
@echo off
echo Creating new theme file...
copy "C:\Windows\Resources\Themes\aero.theme" "C:\Windows\Resources\Themes\aero-dark.theme"
echo Modifying theme file...
powershell -Command "(gc C:\Windows\Resources\Themes\aero-dark.theme) -replace 'DisplayName=Aero', 'DisplayName=Aero Dark' | Out-File C:\Windows\Resources\Themes\aero-dark.theme"
echo Applying theme...
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v SystemUsesLightTheme /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\CurrentTheme" /v "Default" /d "C:\Windows\Resources\Themes\aero-dark.theme" /f
powershell -Command "get-Process -Name explorer | Stop-Process"
@Dviros
Dviros / urbandoor.cs
Created April 18, 2023 08:50 — forked from monoxgas/urbandoor.cs
Minimal PoC code for Kerberos Unlock LPE (CVE-2023-21817)
using NtApiDotNet;
using NtApiDotNet.Ndr.Marshal;
using NtApiDotNet.Win32;
using NtApiDotNet.Win32.Rpc.Transport;
using NtApiDotNet.Win32.Security.Authentication;
using NtApiDotNet.Win32.Security.Authentication.Kerberos;
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Client;
using NtApiDotNet.Win32.Security.Authentication.Kerberos.Server;
using NtApiDotNet.Win32.Security.Authentication.Logon;
using System;
@Dviros
Dviros / otto_avoid.ino
Created April 1, 2023 10:08
BHIL2023 - Otto Avoid Competition Winner
#include <Otto.h>
#include <Servo.h>
#include <EEPROM.h>
Otto Otto;
#define LeftLeg 2 // left leg pin
#define RightLeg 3 // right leg pin
#define LeftFoot 4 // left foot pin
#define RightFoot 5 // right foot pin
#define Buzzer 13 //buzzer pin