go mod init
go get golang.org/x/sys/windows
go get golang.org/x/sys/windows/svc
GOOS=windows GOARCH=amd64 go build -o uishell.exe
sc create UiShellSvc binPath="C:\path\uishell.exe" start=demand
sc start UiShellSvc
go mod init
go get golang.org/x/sys/windows
go get golang.org/x/sys/windows/svc
GOOS=windows GOARCH=amd64 go build -o uishell.exe
sc create UiShellSvc binPath="C:\path\uishell.exe" start=demand
sc start UiShellSvc
WSASS and similar tools dump PPL-protected
LSASS by abusing an out-of-date WerFaultSecure.exe (the missing PPL check is the
whole point of using the old binary, so a version-matched build is not an option).
On a modern OS that old binary is no longer ABI-compatible with the host's
wer.dll / faultrep.dll, and WER's stitched minidump writer mis-drives
MiniDumpWriteDump: seeks in the I/O callback are dropped, so memory writes are
appended instead of placed. The resulting file keeps a valid MDMP magic but:
MINIDUMP_HEADER's NumberOfStreams / StreamDirectoryRva are stale (they| import zipfile | |
| import re | |
| import sys | |
| """ | |
| <draw:image xlink:href="Pictures/1000000100000538000005385B1FE860.png" xlink:type="simple" xlink:show="embed" xlink:actuate="onLoad" draw:mime-type="image/png"/> | |
| <draw:image xlink:href="./ObjectReplacements/Object 1" xlink:type="simple" xlink:show="embed" xlink:actuate="onLoad"/> | |
| """ | |
| regex = re.compile('<draw:image[^>]*(png|ObjectReplacements)[^>]*>') |
| -void SampDsValidateNgcKeyValueForComputer(undefined8 param_1,undefined8 param_2) | |
| +int SampDsValidateNgcKeyValueForComputerNew(undefined8 param_1,undefined8 param_2) | |
| { | |
| - undefined1 local_58 [80]; | |
| + int iVar1; | |
| + undefined2 uVar2; | |
| + undefined4 uVar3; | |
| + undefined4 uVar4; |
| import requests | |
| from pathlib import Path | |
| import uuid | |
| headers = { | |
| 'X-Session-Id': str(uuid.uuid4()), | |
| 'X-Request-Id': str(uuid.uuid4()) | |
| } | |
| base_html = Path('./base.html').read_text() |
| import os | |
| import sys | |
| import requests | |
| def create_memos(baseurl, auth_cookie, folder_path): | |
| headers = { | |
| 'Cookie': f'memos.access-token={auth_cookie}', | |
| 'Content-Type': 'application/json' | |
| } |
| import json | |
| import string | |
| from pathlib import Path | |
| import sys | |
| if len(sys.argv) != 3: | |
| print(f'Usage: {sys.argv[0]} bookmarkfile.json outputPathBase') | |
| exit() | |
| data = json.load(open(sys.argv[1],'r')) |
| import struct | |
| import sys | |
| def xor_checksum(data): | |
| checksum = 0 | |
| for byte in data: | |
| checksum ^= byte | |
| return checksum & 0xFFFF | |
| def create_dos_eps(postscript_path, tiff_path, output_path): |
| #include <windows.h> | |
| #include <lm.h> | |
| #include <stdio.h> | |
| #pragma comment(lib, "Netapi32.lib") | |
| void AddUserToLocalGroup(LPCWSTR userName, LPCWSTR groupName) { | |
| LOCALGROUP_MEMBERS_INFO_3 memberInfo; | |
| NET_API_STATUS status; |
| import socket | |
| import threading | |
| # Configuration | |
| LISTEN_HOST = '0.0.0.0' # Listen on all interfaces | |
| LISTEN_PORT = 12345 # Port to listen on | |
| TARGET_HOST = 'example.com' # Destination host | |
| TARGET_PORT = 80 # Destination port | |
| SEARCH_BYTES = b'hello' # Byte sequence to search for | |
| REPLACE_BYTES = b'world' # Replacement byte sequence |