Giter Site home page Giter Site logo

themebleed's Introduction

ThemeBleed

Proof-of-Concept for CVE-2023-38146 ("ThemeBleed")

Usage: ThemeBleed.exe <command>

Commands:
        server                                   - Runs the server
        make_theme <host> <output path>          - Generates a .theme file referencing the specified host
        make_themepack <host> <output_path>      - Generates a .themepack file referencing the specified host

Data files

The binaries in data correspond to the 3 files returned to the target by the PoC.

  • stage_1 - An msstyles file with the PACKTHEM_VERSION set to 999.
  • stage_2 - A valid unmodified msstyles file to pass the signature check.
  • stage_3 - The DLL that will be loaded and executed. The provided example simply launches calc.exe.

To make your own payload, create a DLL with an export named VerifyThemeVersion containing your code, and replace stage_3 with your newly created DLL.

themebleed's People

Contributors

gabe-k avatar

Stargazers

Avin Fajar F avatar Jim_Di avatar Daniel Puente avatar avatar Zaid Taha avatar Achmad Adhikara avatar Zine Eddine avatar hxz avatar fennec avatar avatar 1nv0k3r avatar 4l3x777 avatar reza.duty avatar Manthan Chhabra avatar fluffydolphin avatar Abang Obed avatar MidwintersTomb avatar avatar Ben Wildee avatar TOUHAMI KASBAOUI avatar avatar avatar avatar Cody "K0mraid" Stobaugh avatar methimpact avatar Chris Craig avatar X avatar ac1d avatar 4FK avatar Aidoo avatar Emmanuel Akobe-Ajibolu avatar avatar Sean Kilfoy avatar avatar avatar avatar avatar avatar Violet avatar Pwned avatar avatar avatar avatar avatar Clutch_Reboot avatar Amarjit Labhuram avatar Dawid Pastuszak avatar Mike avatar avatar Scbisui avatar Andre Buck Miedzinski avatar paranoid soul avatar Bryan McNulty avatar avatar ⠀ avatar Subxpl0it avatar pr9n avatar avatar Isaac avatar Younes Tasra avatar EmSec avatar 0xretr0 avatar Felix Kiprop avatar Ulysses avatar 0xfd avatar avatar 网络男孩 avatar come2arkside avatar Jacob Ebben avatar mendacus avatar avatar Yyy avatar Nicolas Vincent avatar avatar Micheal Drane avatar obelia avatar 0乂ᐯ爪 avatar avatar avatar avatar avatar Erik avatar Nicolas RUFF avatar Lasse D. avatar Smith Noorah avatar Alexis Sirbulescu avatar Ali Rasoulian avatar avatar Sina Pirani avatar avatar avatar Naz Markuta avatar Samy Lahfa avatar avatar avatar TouchstoneTheDev avatar 任意门 avatar Diego Tellaroli avatar Security Research avatar whsiper avatar

Watchers

avatar avatar avatar Zine Eddine avatar avatar

Forkers

clavoillotte ruppde askyeye sirrushoo zha0 killvxk mitjakolsek djhohnstein weedcookie merlin2004 orzchen dbb-pro c0c0red cyb3rm3g wubonetcn y11en eason-zz diegoalbuquerque noorahsmith 0xjamesli wlaoduo red-infosec fdlucifer xeqtter prakash-rokade dannymas jubeenshah nckiwourf play0000 brerodrigues iano0795 whogotpwned r3dc4t0x00 akobe-ajibolu li2856705 pronssec

themebleed's Issues

Error running stage_3

Hey,

I actually run in an error if I use your stage_3 DLL and wonder why?

I run the following command to make the calc.exe appear, just to be sure the DLL works correctly:

rundll32.exe stage_3, VerifyThemeVersion

I checked the DLL with the CFF-Explorer to see whether VerifyThemeVersion appears as an exported name under the "Export Directory" so everything is exported correctly, which is definitely the case.

Nevertheless if I run the command above it always tells me "There was a problem starting stage_3. The specified module could not be found". I am running the Windows 11 VirtualBox Image from the MS website and Defender ist disabled.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.