Skip to content

Instantly share code, notes, and snippets.

View OsandaMalith's full-sized avatar

Osanda Malith Jayathissa OsandaMalith

View GitHub Profile
@OsandaMalith
OsandaMalith / shell.py
Created October 3, 2019 10:15
A simple python shell
import subprocess
import os
import sys
'''
A simple python shell
Author: @OsandaMalith
'''
while True:
@OsandaMalith
OsandaMalith / Unload_Minifilter.c
Last active July 29, 2024 14:23
Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter. It will call the minifilter's FilterUnloadCallback (PFLT_FILTER_UNLOAD_CALLBACK) routine.
#include "stdafx.h"
#include <Windows.h>
#include <fltuser.h>
#pragma comment(lib,"FltLib.lib")
/*
Author: Osanda Malith Jayathissa (@OsandaMalith)
Website: https://osandamalith.com
Description: Unloading a minifilter driver by calling the FilterUnload which is the Win32 equivalent of FltUnloadFilter.
@OsandaMalith
OsandaMalith / CreateMinidump_HotPatch.cpp
Last active September 12, 2019 04:46
The function CreateMinidump is only available in Windows XP and Windows Server 2003. If you want to get this working in other Windows systems, copy the DLL from XP or Server 2003 and place it in the same folder. This DLL has no ASLR enabled and therfore the address are hardcoded.
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
using namespace std;
/*
Title: Faultrep!CreateMinidump Hot Patch to get a full dump passing MiniDumpWithFullMemory as the MINIDUMP_TYPE.
Author: Osanda Malith Jayathissa (@OsandaMalith)
Research: https://osandamalith.com/2019/09/08/minidumpwritedump-via-faultrepcreateminidump/
@OsandaMalith
OsandaMalith / CreateMinidump.cpp
Last active January 27, 2020 15:14
Faultrep!CreateMinidump undocumented API. The API only exists in Windows XP and Windows Server 2003. You can copy the DLL and place it in the same folder.
#include <windows.h>
#include <TlHelp32.h>
#include <iostream>
using namespace std;
/*
Title: Faultrep!CreateMinidump to get a full dump passing MiniDumpWithFullMemory as the MINIDUMP_TYPE.
Author: Osanda Malith Jayathissa (@OsandaMalith)
Research: https://osandamalith.com/2019/09/08/minidumpwritedump-via-faultrepcreateminidump/
The function CreateMinidump is only available in Windows XP and Windows Server 2003.
@OsandaMalith
OsandaMalith / MsgBoxExe2DLL
Created August 26, 2019 21:30
A simple msgbox converted from an EXE to a DLL. The exported function is Run.
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5v
dCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABM7TuOCIxV3QiMVd0IjFXd
bepW3AGMVd1t6lDcgoxV3W3qUdwajFXdM9JW3BiMVd0z0lDcFYxV3TPSUdwZjFXd
bepU3A2MVd0IjFTdWYxV3Z/SUdwJjFXdn9JX3AmMVd1SaWNoCIxV3QAAAAAAAAAA
AAAAAAAAAABQRQAATAEGAJwfZF0AAAAAAAAAAOAAAiELAQ4AAKoAAAB+AAAAAAAA
2LkAAAAQAAAAwAAAAABAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAABwAQAABAAA
AAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAYAEAABAAACQQAQA8AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFABAIQNAABwCQEAHAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAJAJAQBAAAAAAAAAAAAAAAAAwAAACAEAAAAAAAAAAAAA
#include <stdio.h>
//@OsandaMalith
const char *string[][2] = {
{"Osanda","Malith"} ,
{"ABC","JKL"},
{"DEF","MNO"},
};
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v3.1.3
Comment: https://openpgpjs.org
xsBNBFTdTYIBCAC7J9zTkGISNp3grbXscyY7AKhFVnxg2Cb79NE2d18wrlaA
4XMIQD+sEPI7fzYN+26wMDoFjGM7WKP8oOLBHY5BclmARZbxYelUSdPPq4tg
ohV8bjJ/+DvAxqUqmvJ7cz+inOD2meWXS63BZLQtwfNSIr99Nh8CWPf0hvNL
sSpgcD8fbYCBlLFjJhpTBTgLpMWhA5hi1ygSvIrSc/yqmjHgCerB+GVpKctt
o9wyq/Yfjps+qPGY73JUcHPThPAdi4DI1fHYk8qr71iechmgOVhJ3YHzZxjg
lpbBFQs6k9JFnx6q7pNEeUTtG+glcLYA2PBQZ4E7D8+yQZ+Z668VCXg3ABEB

Keybase proof

I hereby claim:

  • I am osandamalith on github.
  • I am osandamalith (https://keybase.io/osandamalith) on keybase.
  • I have a public key ASCfqDPzWwYPaREcF79e9gKYERtHxDq8YCCO92JylChSTgo

To claim this, I am signing this object:

@OsandaMalith
OsandaMalith / runas.ps1
Created June 13, 2018 22:48
A simple automation to run a program under a different user
<#
# Title: A simple automation to run a program under a different user
# Author: Osanda Malith (@OsandaMalith)
# Website: https://osandamalith.com
#>
add-type -AssemblyName microsoft.VisualBasic
add-type -AssemblyName System.Windows.Forms
$args = "/user:jane " + $args[0]
@OsandaMalith
OsandaMalith / magic.c
Created December 18, 2017 16:05
Compile this using Dev-C++ or if you use VStudio disable DEP
/*
* Author: @OsandaMalith
* Website: https://OsandaMalith.com
*/
unsigned char string[] =
"‰åÛ×ÙuôXPYIIIIIIIIIICCCCCC7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIhh9okOKOyokpqOl"
"ytdFbC15QnaIauQc1WqgqOsiWuMGCzVKLmZEWWLffdO2dO6oZyrZVZHc6WvtFvfaNnkkNK1Jf8r"
"gr4Fwv89c3FfwvffillmfagLgwzBXz0ULKzLLCxlGLf3RvbwOInmTPLwkHJHQ0URWvc6nkxp2HK"
"NVbDFdFkOKf2HFkwsgvvfYoIFu8b54CFfEVyoN6Lym0v3dqbkhhIo7qWvdFmiQYu7JrONHhIeUQ"
"tFfflKKhOIYKXZHkN0k9QMXLixzFfaWvwvMipL6lfbNNOyQU9lKXJyeQFf4FH9oWFkry7xnicuJ"