This works only for nvidia cards running on x11!
I'm not responsible for any damage this might cause. Do at your own risk
Sometimes you will only have the console accessible, therefore open this document on another device. I tested this with the following versions.
|Software|Version|
| __int64 __fastcall sub_1400E4124(int a1, __int64 a2, __int64 a3, unsigned int a4) | |
| { | |
| unsigned int v4; // r10d | |
| int v5; // ebp | |
| int v10; // edx | |
| unsigned int v11; // eax | |
| unsigned int v12; // r10d | |
| int v13; // r14d | |
| unsigned int v14; // edi | |
| unsigned int v15; // esi |
| # Source: System.Management.Automation.dll | |
| # This list is used to determin if a ScriptBlock contains potential suspicious content | |
| # If a match is found an automatic 4104 with a "warning" level is generated. | |
| # https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs | |
| - "Add-Type" | |
| - "AddSecurityPackage" | |
| - "AdjustTokenPrivileges" | |
| - "AllocHGlobal" | |
| - "BindingFlags" | |
| - "Bypass" |
| # | |
| # Automatically generated file; DO NOT EDIT. | |
| # crosstool-NG 1.25.0 Configuration | |
| # | |
| # This is really dangerous! It allows me to run ct-ng as root from within manjaro-arm-tools. | |
| # Do not do this unless you know exactly what you are doing!!! | |
| # You have been warned. I'm in no way, shape or form, responsible for any damage it may cause if used in ANY other context. | |
| CT_EXPERIMENTAL=y | |
| CT_ALLOW_BUILD_AS_ROOT=y |
| <script language="VBScript"> | |
| Set obj = GetObject("new:C08AFD90-F2A1-11D1-8455-00A0C91F3880") | |
| obj.Document.Application.ShellExecute "calc.exe",Null,"C:\Windows\System32",Null,0 | |
| self.close | |
| </script> |
Microsoft purchased the software Softricity SoftGrid in 2006 and renamed it to Microsoft Application Virtualization, or App-V for short. Windows shipped with several libraries in System32 and SysWOW64 to support App-V.
One App-V library stands out from all the rest because it only has one exported function named IllBeBack...
That's right!
A library signed by Microsoft, with Terminator in the name, that only has a single callable function named IllBeBack.
| #!/usr/bin/env python3 | |
| # python3 update of https://gist.github.com/dergachev/7028596 | |
| # Create a basic certificate using openssl: | |
| # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| # Or to set CN, SAN and/or create a cert signed by your own root CA: https://thegreycorner.com/pentesting_stuff/writeups/selfsignedcert.html | |
| import http.server | |
| import ssl | |
| httpd = http.server.HTTPServer(('127.0.0.1', 443), http.server.SimpleHTTPRequestHandler) |
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| DWORD GetLsassPid() { | |
| PROCESSENTRY32 entry; | |
| entry.dwSize = sizeof(PROCESSENTRY32); |
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
| Explanations: | |
| cache: If you include other words in the query, Google will highlight those words within | |
| the cached document. For instance, [cache:www.google.com web] will show the cached | |
| content with the word βwebβ highlighted. This functionality is also accessible by | |
| clicking on the βCachedβ link on Googleβs main results page. The query [cache:] will | |
| show the version of the web page that Google has in its cache. For instance, | |
| [cache:www.google.com] will show Googleβs cache of the Google homepage. Note there | |
| can be no space between the βcache:β and the web page url. | |
| ------------------------------------------------------------------------------------------ |
