https://gist.github.com/jhalon/5cbaab99dccadbf8e783921358020159
- MSVC v140 - VS 2015 C++ build tools (v14.00)
- MSVC v141 - VS 2017 C++ x64/x86 build tools (v14.16)
- Windows 10 SDK (10.0.17134.0)
- Visual Studio 2017 Community
https://gist.github.com/jhalon/5cbaab99dccadbf8e783921358020159
| from pykd import * | |
| import sys | |
| # .load pykd. | |
| # !py c:\users\uf0\desktop\dump_iat.py target_module_name|all [dep] | |
def usage():
    """Print the invocation line for this pykd script to the debugger output.

    The script is run from WinDbg after ``.load pykd`` (see the header
    comment); the message lists the positional arguments: a module name or
    ``all``, plus an optional ``dep`` argument.
    NOTE: the script path in the message is hard-coded to the author's
    desktop and has to be adjusted when the script is copied elsewhere.
    """
    message = "USAGE: !py c:\\users\\uf0\\desktop\\dump_iat.py target_module_name|all [dep]"
    print(message)
| def fetch_iat(module,cmd,dep): |
| #include <windows.h> | |
| #include <tlhelp32.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <iostream> | |
| #include <stdarg.h> | |
| void _dbg_printf(const char *fmt, ...) | |
| { | |
| char msg[2048] = {}; |
| import argparse | |
| import sys | |
def auto_int(x):
    """argparse ``type=`` helper: parse the string *x* as an int of any base.

    Passing ``base=0`` lets the literal's prefix decide, so a value may be
    written as ``0x..``, ``0o..``, ``0b..`` or plain decimal. An unparseable
    string raises ``ValueError``, which argparse turns into a usage error.
    """
    infer_base = 0  # 0 = derive the radix from the literal's prefix
    return int(x, base=infer_base)
| # Modded by Matteo 'uf0' Malvica - 2021 | |
| # The following code is taken from | |
| # https://github.com/mwrlabs/win_driver_plugin/blob/master/win_driver_plugin/ioctl_decoder.py |
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <winternl.h> | |
| #pragma comment(lib, "ntdll") | |
| #define IOCTL_BEEP CTL_CODE(FILE_DEVICE_BEEP, 0, METHOD_BUFFERED, FILE_ANY_ACCESS) | |
| typedef struct _BEEP_SETTINGS { | |
| ULONG ulFrequency; |
| import random | |
| import sys | |
| import io | |
| from ctypes import windll, POINTER, byref | |
| from ctypes.wintypes import LPVOID, DWORD, LPCSTR, LPSTR, BOOL, HANDLE | |
# Kernel32 entry points for opening a device handle, issuing IOCTLs and
# releasing the handle again.
# NOTE(review): no argtypes/restype are set in this excerpt. ctypes then
# treats every return value as a C int, which truncates the HANDLE returned
# by CreateFileA on 64-bit Python (the wintypes imported above suggest they
# are declared further down the file — confirm).
DeviceIoControl = windll.kernel32.DeviceIoControl
CreateFileA = windll.kernel32.CreateFileA
CloseHandle = windll.kernel32.CloseHandle
| """ | |
| Author: Matteo 'uf0' Malvica @matteomalvica | |
| Tested with IDA 7.5 and Py3 | |
| Original plugin: https://github.com/FSecureLABS/win_driver_plugin | |
| """ | |
def getopvalue(addr):
    """Return the second operand of the instruction at *addr* as a 32-bit value.

    IDA's ``idc.get_operand_value`` result is masked with ``0xffffffff`` so
    only the low DWORD survives, which is the width of the constants this
    plugin looks for.
    """
    low_dword_mask = 0xFFFFFFFF
    operand = idc.get_operand_value(addr, 1)  # operand index 1 = second operand
    return operand & low_dword_mask
| #!/user/bin/env python3 | |
| """ | |
| POP-POP-RET finder ported in py3 and IDA Pro 7.5 | |
| Author: Matteo 'uf0' Malvica | |
| """ | |
| import idc | |
| import ida_bytes |
| # Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation via path traversal | |
| # Date: 2020-05-21 | |
| # Exploit Author: Matteo Malvica | |
| # Credits: Chris Lyne for previous version's exploit | |
| # Vendor Homepage: druva.com | |
| # Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi | |
| # Version: 6.6.3 | |
| # Tested on: Windows 10 1909-18363.778 | |
| # Command injection in inSyncCPHwnet64 RPC service |
| # ! /usr/bin/python | |
| # Original Author == @avicoder | |
| # Remixed by == @uf0 | |
| # | |
| # This script aims to automate the burden of masscanning connected hosts on a local network via a virtual interface like tun/tap. | |
| # The tool performs a masscan on the provided port or port range after ARP-scanning all hosts on the LAN. | |
| import sys,getopt,subprocess |